From 86ada875296eb81ffd902f976eedee9ea0f19859 Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Tue, 18 Dec 2018 01:31:04 -0500
Subject: models/repo_editor: sanitize user-defined file name to prevent RCE (#5558)

Reported by PentesterLab (https://pentesterlab.com).
---
 pkg/tool/path.go | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'pkg/tool/path.go')

diff --git a/pkg/tool/path.go b/pkg/tool/path.go
index e478abc5..3c0d2d02 100644
--- a/pkg/tool/path.go
+++ b/pkg/tool/path.go
@@ -4,9 +4,18 @@
 package tool
+import (
+ "strings"
+)
+
 // IsSameSiteURLPath returns true if the URL path belongs to the same site, false otherwise.
 // False: //url, http://url, /\url
 // True: /url
 func IsSameSiteURLPath(url string) bool {
 return len(url) >= 2 && url[0] == '/' && url[1] != '/' && url[1] != '\\'
 }
+
+// SanitizePath sanitizes user-defined file paths to prevent remote code execution.
+func SanitizePath(path string) string {
+ return strings.TrimLeft(path, "./")
+}
-- 
cgit v1.2.3
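Review bot: `strings.TrimLeft(path, "./")` in the new `SanitizePath` only strips a leading run of `.` and `/` characters, so a `..` segment that follows an ordinary segment (for example `dir/../x`) passes through unchanged, and the result is not the normalized relative path the name suggests. A stricter normalization resolves dot segments against a virtual root, e.g. `p = path.Clean("/" + p); return strings.TrimPrefix(p, "/")`, with `"path"` added to the new import block and the parameter renamed (say `p`) so it no longer shadows the `path` package; whether backslashes also need handling depends on the filesystem the result reaches, which is outside this hunk, as is the caller in models/repo_editor named in the subject. The doc comment states the motivation rather than the contract; suggest `// SanitizePath strips leading "." and "/" characters from a user-supplied path so the result cannot name an absolute or dot-prefixed location.` or, if the normalization above is adopted, a comment saying that "." and ".." segments are resolved and the returned path is always relative.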