mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-06-02 13:40:02 +00:00
a12f575737
At the Moment it is possible to read files in another Directory as
supposed using the Options functions. e.g.
`options.Gitignore("../label/Default) `. This was discovered while
working on #22783, which exposes `options.Gitignore()` through the
public API. At the moment, this is not a security problem, as this
function is only used internal, but I thought it would be a good idea to
make a PR to fix this for all types of Options files, not only
Gitignore, to make it safe for the further. This PR should be merged
before the linked PR.
---------
Co-authored-by: Jason Song <i@wolfogre.com>
|
||
|---|---|---|
| .. | ||
| base.go | ||
| dynamic.go | ||
| options.go | ||
| options_bindata.go | ||
| repo.go | ||
| static.go | ||