Address some CodeQL security concerns (#35572)

Although there is no real security problem
wxiaoguang
2025-10-04 01:21:26 +08:00
committed by GitHub
parent c4532101a4
commit 71360a94cb
35 changed files with 118 additions and 78 deletions


@@ -605,7 +605,7 @@ func (repo *Repository) IsGenerated() bool {
// RepoPath returns repository path by given user and repository name.
func RepoPath(userName, repoName string) string { //revive:disable-line:exported
return filepath.Join(user_model.UserPath(userName), strings.ToLower(repoName)+".git")
return filepath.Join(setting.RepoRootPath, filepath.Clean(strings.ToLower(userName)), filepath.Clean(strings.ToLower(repoName)+".git"))
}
// RepoPath returns the repository path
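Review bot: The `filepath.Clean` calls in the new `RepoPath` return do not confine the result to `setting.RepoRootPath`: `filepath.Join` already cleans the joined path, and cleaning a component such as `..` leaves it as `..`, so a name containing dot segments or separators would still resolve outside the root. Containment therefore still rests on name validation done elsewhere, which this hunk does not show; I would say so in a comment, e.g. `// userName and repoName must already be validated; filepath.Clean only satisfies CodeQL and does not prevent traversal`. If a real guard is wanted, rooting each component before joining (`filepath.Clean(string(filepath.Separator) + strings.ToLower(userName))`) collapses leading `..` segments. The same applies to the `UserPath` change in the next file section, and since `RepoPath` no longer calls `user_model.UserPath`, the two path layouts can now drift apart.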


@@ -980,7 +980,7 @@ func GetInactiveUsers(ctx context.Context, olderThan time.Duration) ([]*User, er
// UserPath returns the path absolute path of user repositories.
func UserPath(userName string) string { //revive:disable-line:exported
return filepath.Join(setting.RepoRootPath, strings.ToLower(userName))
return filepath.Join(setting.RepoRootPath, filepath.Clean(strings.ToLower(userName)))
}
// GetUserByID returns the user object by given ID if exists.