Fix push-to-create (#9772) #9797

Merged
merged 2 commits into from
Jan 16, 2020


jolheiser
Member

Backport #9772

* Fix push-to-create

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Check URL path and service

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Send dummy payload on receive-pack GET

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* The space was actually a NUL byte

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Use real bare repo instead of manufactured payload

Signed-off-by: jolheiser <john.olheiser@gmail.com>
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Jan 16, 2020
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jan 16, 2020
@zeripath zeripath added this to the 1.11.0 milestone Jan 16, 2020
@lafriks lafriks merged commit 3521177 into go-gitea:release/v1.11 Jan 16, 2020
@sapk
Member

sapk commented Jan 16, 2020

I think we could raise this as security since one of the goals is to not allow the creation of a repo via the GET method if create on push is activated.

@sapk sapk added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jan 16, 2020
@jolheiser jolheiser deleted the backport_push_create_post branch January 16, 2020 13:05
@jimparis jimparis mentioned this pull request Feb 4, 2020
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
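
Added example, not part of this pull request and not Gitea's code: a sketch of the gate the commit titles and the security comment describe, where a missing repository is created only by the receive-pack POST and the preceding GET ref discovery gets a harmless advertisement. The names `Decide` and `Action`, the inputs, and the choice to answer every other case as not found are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Action is what a smart-HTTP handler does with one request.
type Action int

const (
	Serve          Action = iota // repository exists: normal handling
	NotFound                     // create nothing, reveal nothing
	DummyAdvertise               // answer ref discovery from an empty bare repo
	CreateRepo                   // the only state-changing outcome
)

// Decide is a hypothetical gate. Assumed inputs: HTTP method, URL path, the
// "service" query value, whether the repository exists, and whether
// push-to-create is enabled for the authenticated owner.
func Decide(method, path, service string, exists, pushCreate bool) Action {
	if exists {
		return Serve
	}
	if !pushCreate {
		return NotFound
	}
	switch {
	// Ref discovery before a push is a safe method, so it must not create.
	case method == http.MethodGet && strings.HasSuffix(path, "/info/refs") && service == "git-receive-pack":
		return DummyAdvertise
	// The push itself: the service is named by the URL path, not the query.
	case method == http.MethodPost && strings.HasSuffix(path, "/git-receive-pack"):
		return CreateRepo
	}
	return NotFound // upload-pack, other methods, mismatched path or service
}

func main() {
	// Constructed requests for a repository that does not exist yet.
	for _, r := range [][3]string{
		{"GET", "/u/new.git/info/refs", "git-receive-pack"},
		{"POST", "/u/new.git/git-receive-pack", ""},
		{"GET", "/u/new.git/git-receive-pack", ""},
		{"GET", "/u/new.git/info/refs", "git-upload-pack"},
	} {
		fmt.Println(r[0], r[1], r[2], "->", Decide(r[0], r[1], r[2], false, true))
	}
}
```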
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug