tdsds.com/gitea
tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-01-24 08:34:28 +00:00
Code Releases Activity
gitea/modules
History
zeripath 0b1686b67a
Prevent redirect to Host (2) (#19175) 
Unhelpfully Locations starting with `/\` will be converted by the
browser to `//` because ... well I do not fully understand. Certainly
the RFCs and MDN do not indicate that this would be expected. Providing
"compatibility" with the (mis)behaviour of a certain proprietary OS is
my suspicion. However, we clearly have to protect against this.

Therefore we should reject redirection locations that match the regular
expression: `^/[\\\\/]+`

Reference #9678

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-23 16:12:36 +00:00
..
activitypub
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
analyze
Use git attributes to determine generated and vendored status for language stats and diffs (#16773)
2021-09-09 21:13:36 +01:00
appstate
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
auth
RSS/Atom support for Repos (#19055)
2022-03-13 17:40:47 +01:00
avatar
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
base
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
cache
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
charset
Don't treat BOM escape sequence as hidden character. (#18909)
2022-02-26 16:48:23 +00:00
context
Prevent redirect to Host (2) (#19175)
2022-03-23 16:12:36 +00:00
convert
API: Return primary language and repository language stats API URL (#18396)
2022-01-25 08:33:40 +02:00
csv
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
doctor
Use ctx instead of db.DefaultContext in some packages(routers/services/modules) (#19163)
2022-03-22 16:22:54 +01:00
emoji
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
eventsource
Simplify parameter types (#18006)
2021-12-20 04:41:31 +00:00
generate
Use base32 for 2FA scratch token (#18384)
2022-01-26 12:10:10 +08:00
git
Make migrations SKIP_TLS_VERIFY apply to git too (#19132)
2022-03-19 14:16:38 +00:00
gitgraph
Change git.cmd to RunWithContext (#18693)
2022-02-11 13:47:22 +01:00
graceful
Immediately Hammer if second kill is sent (#18823)
2022-02-19 16:36:25 +00:00
hcaptcha
hCaptcha Support (#12594)
2020-10-02 23:37:53 -04:00
highlight
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
hostmatcher
remove not needed (#19128)
2022-03-18 20:17:57 +01:00
httpcache
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
httplib
refactor httplib (#18338)
2022-01-19 19:31:39 -05:00
indexer
Prevent Stats Indexer reporting error if repo dir missing (#18870)
2022-02-24 23:22:09 -05:00
json
Make gitea, gitea-vet future-proof (#18361)
2022-01-22 21:59:34 +00:00
lfs
Update HTTP status codes to modern codes (#18063)
2022-03-23 12:54:07 +08:00
log
migrations: add test for importing pull requests in gitea uploader (#18752)
2022-02-25 17:20:50 +08:00
markup
nit fix (#19116)
2022-03-17 20:04:36 +02:00
metrics
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
migration
Store the foreign ID of issues during migration (#18446)
2022-03-17 18:08:35 +01:00
nosql
[API] Allow removing issues (#18879)
2022-03-01 01:20:15 +01:00
notification
[API] Allow removing issues (#18879)
2022-03-01 01:20:15 +01:00
options
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
password
Fixed assert statements. (#16089)
2021-06-07 07:27:09 +02:00
pprof
refactor: move from io/ioutil to io and os package (#17109)
2021-09-22 13:38:34 +08:00
private
Update HTTP status codes to modern codes (#18063)
2022-03-23 12:54:07 +08:00
process
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
proxy
Return nil proxy function if proxy not enabled (#16742)
2021-08-19 16:41:20 -04:00
public
Fix mime-type detection for HTTP server (#18370)
2022-01-23 20:19:49 +08:00
queue
Add number in queue status to monitor page (#18712)
2022-02-12 13:31:26 +08:00
recaptcha
refactor: move from io/ioutil to io and os package (#17109)
2021-09-22 13:38:34 +08:00
references
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
repository
Use ctx instead of db.DefaultContext in some packages(routers/services/modules) (#19163)
2022-03-22 16:22:54 +01:00
secret
Use CryptoRandomBytes instead of CryptoRandomString (#18439)
2022-02-04 18:03:15 +01:00
session
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
setting
Ensure that setting.LocalURL always has a trailing slash (#19171)
2022-03-22 16:59:57 +00:00
ssh
Update golang.org/x/crypto (#19097)
2022-03-16 02:59:53 +01:00
storage
Clean paths when looking in Storage (#19124)
2022-03-22 17:02:26 -04:00
structs
Add config option to disable "Update branch by rebase" (#18745)
2022-03-04 03:30:49 -05:00
svg
refactor: move from io/ioutil to io and os package (#17109)
2021-09-22 13:38:34 +08:00
sync
Fix missing unlock in uniquequeue (#9790)
2020-01-15 23:58:33 +02:00
templates
Prevent start panic due to missing DotEscape function
2022-03-23 16:08:27 +00:00
test
Use ctx instead of db.DefaultContext in some packages(routers/services/modules) (#19163)
2022-03-22 16:22:54 +01:00
timeutil
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
translation
Refactor i18n, use Locale to provide i18n/translation related functions (#18648)
2022-02-08 11:02:30 +08:00
typesniffer
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
updatechecker
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
upload
Simplify parameter types (#18006)
2021-12-20 04:41:31 +00:00
uri
Prevent NPE if gitea uploader fails to open url (#18080)
2021-12-23 16:27:33 +00:00
user
Add gitea-vet (#10948)
2020-04-05 07:20:50 +01:00
util
Cleanup protected branches when deleting users & teams (#19158)
2022-03-22 09:09:45 +08:00
validation
format with gofumpt (#18184)
2022-01-20 18:46:10 +01:00
web
Update HTTP status codes to modern codes (#18063)
2022-03-23 12:54:07 +08:00