aboutsummaryrefslogtreecommitdiff
path: root/services
diff options
context:
space:
mode:
authorLunny Xiao2023-03-08 20:17:39 +0800
committerGitHub2023-03-08 20:17:39 +0800
commitb116418f05b822481bba3613873eef876da73814 (patch)
tree65d1d88d940c26029e7ef920c4dd30761763ce46 /services
parent090e75392385041b3abb30d02564962a3ff687f6 (diff)
Use CleanPath instead of path.Clean (#23371)
As title.
Diffstat (limited to 'services')
-rw-r--r--services/migrations/gitea_uploader.go4
-rw-r--r--services/packages/container/blob_uploader.go4
-rw-r--r--services/repository/files/file.go4
3 files changed, 6 insertions, 6 deletions
diff --git a/services/migrations/gitea_uploader.go b/services/migrations/gitea_uploader.go
index 8b259a362..ca961524d 100644
--- a/services/migrations/gitea_uploader.go
+++ b/services/migrations/gitea_uploader.go
@@ -9,7 +9,6 @@ import (
"fmt"
"io"
"os"
- "path"
"path/filepath"
"strconv"
"strings"
@@ -30,6 +29,7 @@ import (
"code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/uri"
+ "code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/services/pull"
"github.com/google/uuid"
@@ -866,7 +866,7 @@ func (g *GiteaLocalUploader) CreateReviews(reviews ...*base.Review) error {
}
// SECURITY: The TreePath must be cleaned!
- comment.TreePath = path.Clean("/" + comment.TreePath)[1:]
+ comment.TreePath = util.CleanPath(comment.TreePath)
var patch string
reader, writer := io.Pipe()
diff --git a/services/packages/container/blob_uploader.go b/services/packages/container/blob_uploader.go
index ba92b0507..860672587 100644
--- a/services/packages/container/blob_uploader.go
+++ b/services/packages/container/blob_uploader.go
@@ -8,13 +8,13 @@ import (
"errors"
"io"
"os"
- "path"
"path/filepath"
"strings"
packages_model "code.gitea.io/gitea/models/packages"
packages_module "code.gitea.io/gitea/modules/packages"
"code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/util"
)
var (
@@ -33,7 +33,7 @@ type BlobUploader struct {
}
func buildFilePath(id string) string {
- return filepath.Join(setting.Packages.ChunkedUploadPath, path.Clean("/" + strings.ReplaceAll(id, "\\", "/"))[1:])
+ return filepath.Join(setting.Packages.ChunkedUploadPath, util.CleanPath(strings.ReplaceAll(id, "\\", "/")))
}
// NewBlobUploader creates a new blob uploader for the given id
diff --git a/services/repository/files/file.go b/services/repository/files/file.go
index 2bac4372d..7939491ae 100644
--- a/services/repository/files/file.go
+++ b/services/repository/files/file.go
@@ -7,7 +7,6 @@ import (
"context"
"fmt"
"net/url"
- "path"
"strings"
"time"
@@ -15,6 +14,7 @@ import (
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/git"
api "code.gitea.io/gitea/modules/structs"
+ "code.gitea.io/gitea/modules/util"
)
// GetFileResponseFromCommit Constructs a FileResponse from a Commit object
@@ -129,7 +129,7 @@ func GetAuthorAndCommitterUsers(author, committer *IdentityOptions, doer *user_m
// CleanUploadFileName Trims a filename and returns empty string if it is a .git directory
func CleanUploadFileName(name string) string {
// Rebase the filename
- name = strings.Trim(path.Clean("/"+name), "/")
+ name = strings.Trim(util.CleanPath(name), "/")
// Git disallows any filenames to have a .git directory in them.
for _, part := range strings.Split(name, "/") {
if strings.ToLower(part) == ".git" {