From 86ada875296eb81ffd902f976eedee9ea0f19859 Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Tue, 18 Dec 2018 01:31:04 -0500
Subject: models/repo_editor: sanitize user-defined file name to prevent RCE (#5558)

Reported by PentesterLab (https://pentesterlab.com).
---
 models/repo_editor.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'models')

diff --git a/models/repo_editor.go b/models/repo_editor.go
index 810556ec..a302a8de 100644
--- a/models/repo_editor.go
+++ b/models/repo_editor.go
@@ -328,7 +328,7 @@ func (upload *Upload) LocalPath() string {
 func NewUpload(name string, buf []byte, file multipart.File) (_ *Upload, err error) {
 upload := &Upload{
 UUID: gouuid.NewV4().String(),
- Name: name,
+ Name: tool.SanitizePath(name),
 }
 
 localPath := upload.LocalPath()
-- 
cgit v1.2.3
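Review bot: Wrapping `name` in `tool.SanitizePath` at the `Upload` literal is the right place to neutralize a user-supplied file name, but the hunk shows nothing of what that helper guarantees, so the fix is only as strong as its contract; a unit test for `NewUpload` asserting that names with parent-directory segments, an absolute prefix, or backslash separators come back neutralized would pin the behaviour this commit now relies on. If the helper can strip a name down to the empty string, `upload.Name` is empty at this point and whatever later consumes it presumably lands on an unintended path, so an explicit guard after the literal, `if upload.Name == "" { return nil, fmt.Errorf("invalid upload name %q", name) }` (or the error helper this file already imports), would fail closed rather than continue. A doc comment on the function, `// NewUpload stores buf under a fresh UUID; name is user-supplied and is sanitized before being recorded.`, would tell the next maintainer why the wrapper must not be removed. The body of NewUpload continues past the end of the hunk, and any other place that assigns `Upload.Name` directly is not covered by this change.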