mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-28 12:16:17 +01:00
a12f575737
At the Moment it is possible to read files in another Directory as supposed using the Options functions. e.g. `options.Gitignore("../label/Default) `. This was discovered while working on #22783, which exposes `options.Gitignore()` through the public API. At the moment, this is not a security problem, as this function is only used internal, but I thought it would be a good idea to make a PR to fix this for all types of Options files, not only Gitignore, to make it safe for the further. This PR should be merged before the linked PR. --------- Co-authored-by: Jason Song <i@wolfogre.com> |
||
---|---|---|
.. | ||
base.go | ||
dynamic.go | ||
options.go | ||
options_bindata.go | ||
repo.go | ||
static.go |