mirror of
				https://gitcode.com/gitea/gitea.git
				synced 2025-10-25 03:57:13 +08:00 
			
		
		
		
	Disallow urlencoded new lines in git protocol paths if there is a port (#13521)
Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
		| @ -102,6 +102,9 @@ func ParseRemoteAddr(remoteAddr, authUsername, authPassword string, user *models | |||||||
| 			u.User = url.UserPassword(authUsername, authPassword) | 			u.User = url.UserPassword(authUsername, authPassword) | ||||||
| 		} | 		} | ||||||
| 		remoteAddr = u.String() | 		remoteAddr = u.String() | ||||||
|  | 		if u.Scheme == "git" && u.Port() != "" && (strings.Contains(remoteAddr, "%0d") || strings.Contains(remoteAddr, "%0a")) { | ||||||
|  | 			return "", models.ErrInvalidCloneAddr{IsURLError: true} | ||||||
|  | 		} | ||||||
| 	} else if !user.CanImportLocal() { | 	} else if !user.CanImportLocal() { | ||||||
| 		return "", models.ErrInvalidCloneAddr{IsPermissionDenied: true} | 		return "", models.ErrInvalidCloneAddr{IsPermissionDenied: true} | ||||||
| 	} else if !com.IsDir(remoteAddr) { | 	} else if !com.IsDir(remoteAddr) { | ||||||
|  | |||||||
		Reference in New Issue
	
	Block a user
	 zeripath
					zeripath