
Fix push-to-create (#9772) #9797

Merged: lafriks merged 2 commits into go-gitea:release/v1.11 from jolheiser:backport_push_create_post on Jan 16, 2020

@jolheiser
Member

Backport #9772

* Fix push-to-create

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Check URL path and service

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Send dummy payload on receive-pack GET

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* The space was actually a NUL byte

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Use real bare repo instead of manufactured payload

Signed-off-by: jolheiser <john.olheiser@gmail.com>
@GiteaBot GiteaBot added the lgtm/need 1 label (This PR needs approval from one additional maintainer to be merged.) Jan 16, 2020
@GiteaBot GiteaBot added the lgtm/done label (This PR has enough approvals to get merged. There are no important open reservations anymore.) and removed the lgtm/need 1 label (This PR needs approval from one additional maintainer to be merged.) Jan 16, 2020
@zeripath zeripath added this to the 1.11.0 milestone Jan 16, 2020
@lafriks lafriks merged commit 3521177 into go-gitea:release/v1.11 Jan 16, 2020
@sapk
Member

sapk commented Jan 16, 2020

I think we could raise this as security since one of the goals is to not allow the creation of repo via get method if create on push is activated.

@sapk sapk added the topic/security label (Something leaks user information or is otherwise vulnerable. Should be fixed!) Jan 16, 2020
@jolheiser jolheiser deleted the backport_push_create_post branch January 16, 2020 13:05
@jimparis jimparis mentioned this pull request Feb 4, 2020
7 tasks
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
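
The point raised in the thread (a GET must never create a repository when push-to-create is enabled), sketched as an added example that is not part of this pull request or Gitea's code. It assumes the standard Git smart-HTTP endpoints (`GET .../info/refs?service=...` for ref discovery, `POST .../git-receive-pack` for the push itself); `gitReq`, `classify` and `mayCreateOnPush` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// gitReq is a classified Git smart-HTTP request (hypothetical type).
type gitReq struct {
	service   string // "upload-pack", "receive-pack", or "" if unrecognised
	discovery bool   // true for the GET .../info/refs ref advertisement
}

// classify checks both the URL path and the requested service.
func classify(method string, u *url.URL) gitReq {
	switch {
	case method == http.MethodGet && strings.HasSuffix(u.Path, "/info/refs"):
		switch u.Query().Get("service") {
		case "git-receive-pack":
			return gitReq{"receive-pack", true}
		case "git-upload-pack":
			return gitReq{"upload-pack", true}
		}
	case method == http.MethodPost && strings.HasSuffix(u.Path, "/git-receive-pack"):
		return gitReq{"receive-pack", false}
	case method == http.MethodPost && strings.HasSuffix(u.Path, "/git-upload-pack"):
		return gitReq{"upload-pack", false}
	}
	return gitReq{}
}

// mayCreateOnPush allows repository creation only for the state-changing
// POST to git-receive-pack, never for the GET discovery request.
func mayCreateOnPush(method, rawURL string, enabled bool) bool {
	u, err := url.Parse(rawURL)
	if err != nil || !enabled {
		return false
	}
	r := classify(method, u)
	return r.service == "receive-pack" && !r.discovery
}

func main() {
	// Constructed sample requests against a repository that does not exist yet.
	fmt.Println(mayCreateOnPush("GET", "/alice/new.git/info/refs?service=git-receive-pack", true))
	fmt.Println(mayCreateOnPush("POST", "/alice/new.git/git-receive-pack", true))
}
```
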

Labels

* lgtm/done: This PR has enough approvals to get merged. There are no important open reservations anymore.
* topic/security: Something leaks user information or is otherwise vulnerable. Should be fixed!
* type/bug

6 participants