Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2018-08-03 | clone: fix directory traversal | Jason A. Donenfeld | 1 | -4/+19 | |
This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com> | |||||
2018-08-03 | config: record repo.snapshot-prefix in the per-repo config | Konstantin Ryabitsev | 1 | -0/+2 | |
Even if we find snapshot-prefix in the repo configuration, we are not writing it out into the rc- file, so setting the value does not have any effect. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org> |