about summary refs log tree commit diff
path: root/git
diff options
context:
space:
mode:
authorLars Hjemli <hjemli@gmail.com>2011-05-14 20:00:33 +0200
committerLars Hjemli <hjemli@gmail.com>2011-05-14 20:00:33 +0200
commit4837fddc35bbd8d6f66a40486f75cdee3197172d (patch)
treee89019e5fbc78f254232cc45db7a6d217db7e5a3 /git
parentMerge branch 'stable' (diff)
parentReturn 404 on command not found (diff)
downloadcgit-pink-4837fddc35bbd8d6f66a40486f75cdee3197172d.tar.gz
cgit-pink-4837fddc35bbd8d6f66a40486f75cdee3197172d.zip
Merge branch 'dm/disable-clone'
Diffstat (limited to 'git')
0 files changed, 0 insertions, 0 deletions
 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-02-11 02:01:56 +0000


 


class='nohover-highlight'>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>



2018-08-03clone: fix directory traversalJason A. Donenfeld

This was introduced in the initial version of this code, way back when
in 2008.

$ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd
root:x:0:0:root:/root:/bin/sh
...

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Jann Horn <jannh@google.com>



2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev