1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-25 13:19:37 -05:00
forgejo/modules
JakobDev a12f575737
Clean Path in Options (#23006)
At the Moment it is possible to read files in another Directory as
supposed using the Options functions. e.g.
`options.Gitignore("../label/Default) `. This was discovered while
working on #22783, which exposes `options.Gitignore()` through the
public API. At the moment, this is not a security problem, as this
function is only used internal, but I thought it would be a good idea to
make a PR to fix this for all types of Options files, not only
Gitignore, to make it safe for the further. This PR should be merged
before the linked PR.

---------

Co-authored-by: Jason Song <i@wolfogre.com>
2023-03-08 15:07:58 +08:00
..
actions Fix actions workflow branches match bug (#22724) 2023-02-02 20:40:08 +08:00
activitypub Add Chef package registry (#22554) 2023-02-06 09:49:21 +08:00
analyze Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
auth Fix various bugs for "install" page (#23194) 2023-03-04 10:12:02 +08:00
avatar Use minio/sha256-simd for accelerated SHA256 (#23052) 2023-02-22 14:21:46 -05:00
base Use minio/sha256-simd for accelerated SHA256 (#23052) 2023-02-22 14:21:46 -05:00
cache Add context cache as a request level cache (#22294) 2023-02-15 21:37:34 +08:00
charset Fix isAllowed of escapeStreamer (#22814) 2023-02-09 20:51:36 +08:00
container Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
context Use minio/sha256-simd for accelerated SHA256 (#23052) 2023-02-22 14:21:46 -05:00
csv Add context when rendering labels or emojis (#23281) 2023-03-05 22:59:05 +01:00
doctor Refactor setting.Database.UseXXX to methods (#23354) 2023-03-07 18:51:06 +08:00
emoji Fix unstable emoji sort (#22346) 2023-01-05 13:58:51 +02:00
eventsource Move convert package to services (#22264) 2022-12-29 10:57:15 +08:00
generate Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
git Refactor and tidy-up the merge/update branch code (#22568) 2023-03-07 15:07:35 -05:00
gitgraph Add context cache as a request level cache (#22294) 2023-02-15 21:37:34 +08:00
graceful Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
hostmatcher Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
html Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
httpcache Add some comments for recent code (#22725) 2023-02-02 11:39:38 -06:00
httplib Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
indexer Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
issue/template Allow issue templates to not render title (#22589) 2023-01-26 22:45:49 -06:00
json Update gitea-vet to check FSFE REUSE (#22004) 2022-12-02 22:14:57 +08:00
label Add loading yaml label template files (#22976) 2023-03-02 01:44:23 +02:00
lfs Use minio/sha256-simd for accelerated SHA256 (#23052) 2023-02-22 14:21:46 -05:00
log Improve trace logging for pulls and processes (#22633) 2023-02-03 18:11:48 -05:00
markup Add context when rendering labels or emojis (#23281) 2023-03-05 22:59:05 +01:00
mcaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
metrics include build info in Prometheus metrics (#22819) 2023-02-08 19:54:01 +02:00
migration Scoped labels (#22585) 2023-02-18 21:17:39 +02:00
mirror Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
nosql Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
notification Implement actions (#21937) 2023-01-31 09:45:19 +08:00
options Clean Path in Options (#23006) 2023-03-08 15:07:58 +08:00
packages Use import of OCI structs (#22765) 2023-02-06 10:07:09 +00:00
paginator Update gitea-vet to check FSFE REUSE (#22004) 2022-12-02 22:14:57 +08:00
pprof Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
private Implement actions (#21937) 2023-01-31 09:45:19 +08:00
process Improve trace logging for pulls and processes (#22633) 2023-02-03 18:11:48 -05:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
public Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
queue Properly flush unique queues on startup (#23154) 2023-02-28 17:55:43 -05:00
recaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
references Use correct captured group range when parsing cross-reference (#22672) 2023-01-31 10:08:05 +01:00
regexplru Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
repository Add loading yaml label template files (#22976) 2023-03-02 01:44:23 +02:00
secret Use minio/sha256-simd for accelerated SHA256 (#23052) 2023-02-22 14:21:46 -05:00
session Update gitea-vet to check FSFE REUSE (#22004) 2022-12-02 22:14:57 +08:00
setting Refactor setting.Database.UseXXX to methods (#23354) 2023-03-07 18:51:06 +08:00
sitemap Fix sitemap (#22272) 2022-12-30 23:31:00 +08:00
ssh Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
storage Add InsecureSkipVerify to Minio Client for Storage (#23166) 2023-02-27 16:26:13 +00:00
structs Add scopes to API to create token and display them (#22989) 2023-02-20 15:28:44 -06:00
svg Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
sync Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
system Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
templates Add context when rendering labels or emojis (#23281) 2023-03-05 22:59:05 +01:00
test Rename repo.GetOwner to repo.LoadOwner (#22967) 2023-02-18 20:11:03 +08:00
timeutil Check for zero time instant in TimeStamp.IsZero() (#22171) 2022-12-20 10:04:55 +08:00
translation Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer Do not recognize text files as audio (#23355) 2023-03-07 22:40:41 -05:00
updatechecker Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
upload Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
uri Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
user Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
util Use minio/sha256-simd for accelerated SHA256 (#23052) 2023-02-22 14:21:46 -05:00
validation Map OIDC groups to Orgs/Teams (#21441) 2023-02-08 14:44:42 +08:00
watcher Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
web Map OIDC groups to Orgs/Teams (#21441) 2023-02-08 14:44:42 +08:00
webhook Restructure webhook module (#22256) 2023-01-01 23:23:15 +08:00