/contrib/hooks/

'vcs-git' href='https://git.causal.agency/cgit-pink' title='cgit-pink Git repository'/>
about summary refs log tree commit diff
path: root/cgit.c (unfollow)
Commit message (Collapse)Author
2018-08-03clone: fix directory traversalJason A. Donenfeld
This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com>
2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev