Address some CodeQL security concerns (#35572)

Although there is no real security problem
2025-10-13 20:26:01 +00:00 · 2025-10-04 01:21:26 +08:00
parent c4532101a4
commit 71360a94cb
35 changed files with 118 additions and 78 deletions
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@@ -605,7 +605,7 @@ func (repo *Repository) IsGenerated() bool {

 // RepoPath returns repository path by given user and repository name.
 func RepoPath(userName, repoName string) string { //revive:disable-line:exported
-	return filepath.Join(user_model.UserPath(userName), strings.ToLower(repoName)+".git")
+	return filepath.Join(setting.RepoRootPath, filepath.Clean(strings.ToLower(userName)), filepath.Clean(strings.ToLower(repoName)+".git"))
 }

 // RepoPath returns the repository path