mirror of
				https://gitcode.com/gitea/gitea.git
				synced 2025-10-25 03:57:13 +08:00 
			
		
		
		
	Disallow urlencoded new lines in git protocol paths if there is a port (#13521)
Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
		| @ -102,6 +102,9 @@ func ParseRemoteAddr(remoteAddr, authUsername, authPassword string, user *models | ||||
| 			u.User = url.UserPassword(authUsername, authPassword) | ||||
| 		} | ||||
| 		remoteAddr = u.String() | ||||
| 		if u.Scheme == "git" && u.Port() != "" && (strings.Contains(remoteAddr, "%0d") || strings.Contains(remoteAddr, "%0a")) { | ||||
| 			return "", models.ErrInvalidCloneAddr{IsURLError: true} | ||||
| 		} | ||||
| 	} else if !user.CanImportLocal() { | ||||
| 		return "", models.ErrInvalidCloneAddr{IsPermissionDenied: true} | ||||
| 	} else if !com.IsDir(remoteAddr) { | ||||
|  | ||||
		Reference in New Issue
	
	Block a user
	 zeripath
					zeripath