tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

models/release: filter input to prevent command line argument vulnerability

Browse Source
This commit is contained in:
Unknwon
2016-05-06 15:40:41 -04:00
parent 3df8eb60e3
commit 0a78d99a4d
7 changed files with 11 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
models/release.go
View File

@@ -67,6 +67,8 @@ func createTag(gitRepo *git.Repository, rel *Release) error {
return fmt.Errorf("GetBranchCommit: %v", err)
}
// Trim '--' prefix to prevent command line argument vulnerability
rel.TagName = strings.TrimPrefix(rel.TagName, "--")
if err = gitRepo.CreateTag(rel.TagName, commit.ID.String()); err != nil {
return err
}