tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

models/release: filter input to prevent command line argument vulnerability

Browse Source
This commit is contained in:
Unknwon
2016-05-06 15:40:41 -04:00
parent 3df8eb60e3
commit 0a78d99a4d
7 changed files with 11 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
models/issue.go
View File

@@ -546,9 +546,9 @@ func Issues(opts *IssuesOptions) ([]*Issue, error) {
sess.Desc("created_unix")
}
if opts.Labels != "0" {
if len(opts.Labels) > 0 && opts.Labels != "0" {
labelIDs := base.StringsToInt64s(strings.Split(opts.Labels, ","))
if opts.Labels != "" && len(labelIDs) > 0 {
if len(labelIDs) > 0 {
sess.Join("INNER", "issue_label", "issue.id = issue_label.issue_id").In("label_id", labelIDs)
}
}
@@ -785,9 +785,9 @@ func GetIssueStats(opts *IssueStatsOptions) *IssueStats {
countSession := func(opts *IssueStatsOptions) *xorm.Session {
sess := x.Where("issue.repo_id = ?", opts.RepoID).And("is_pull = ?", opts.IsPull)
if opts.Labels != "0" {
if len(opts.Labels) > 0 && opts.Labels != "0" {
labelIDs := base.StringsToInt64s(strings.Split(opts.Labels, ","))
if opts.Labels != "" && len(labelIDs) > 0 {
if len(labelIDs) > 0 {
sess.Join("INNER", "issue_label", "issue.id = issue_id").In("label_id", labelIDs)
}
}