Skip to content

Fix push-to-create (#9772) #9797

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 16, 2020
Merged

Fix push-to-create (#9772) #9797

merged 2 commits into from
Jan 16, 2020

Conversation

jolheiser
Copy link
Member

Backport #9772

@jolheiser
Fix push-to-create (go-gitea#9772)
0ad37ba 
* Fix push-to-create

Signed-off-by: jolheiser <[email protected]>

* Check URL path and service

Signed-off-by: jolheiser <[email protected]>

* Send dummy payload on receive-pack GET

Signed-off-by: jolheiser <[email protected]>

* The space was actually a NUL byte

Signed-off-by: jolheiser <[email protected]>

* Use real bare repo instead of manufactured payload

Signed-off-by: jolheiser <[email protected]>
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Jan 16, 2020
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jan 16, 2020
@zeripath zeripath added this to the 1.11.0 milestone Jan 16, 2020
@lafriks lafriks merged commit 3521177 into go-gitea:release/v1.11 Jan 16, 2020
@sapk
Copy link
Member

sapk commented Jan 16, 2020

I think we could raise this as security since one of the goal is to not allow the creation of repo via get method if create on push is activated.

@sapk sapk added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jan 16, 2020
@jolheiser jolheiser deleted the backport_push_create_post branch January 16, 2020 13:05
@jimparis jimparis mentioned this pull request Feb 4, 2020
Closed
7 tasks
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lunny lunny lunny approved these changes

@lafriks lafriks lafriks approved these changes

+1 more reviewer

@zeripath zeripath zeripath approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug
Projects
None yet
Milestone
1.11.0
Development

Successfully merging this pull request may close these issues.
6 participants
@jolheiser @sapk @lunny @lafriks @zeripath @GiteaBot