Skip to content

Commit 0904421

Browse files
lunnylunny
committed
Fix lfs bug
1 parent 3ad6cf2 commit 0904421

File tree

2 files changed

+34
-0
lines changed

2 files changed

+34
-0
lines changed

modules/storage/local.go

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ package storage
66

77
import (
88
"context"
9+
"errors"
910
"io"
1011
"net/url"
1112
"os"
@@ -15,6 +16,8 @@ import (
1516
"code.gitea.io/gitea/modules/util"
1617
)
1718

19+
// ErrLocalPathNotSupported represents an error that path is not supported
20+
var ErrLocalPathNotSupported = errors.New("local path is not supported")
1821
var _ ObjectStorage = &LocalStorage{}
1922

2023
// LocalStorageType is the type descriptor for local storage
@@ -59,11 +62,18 @@ func NewLocalStorage(ctx context.Context, cfg interface{}) (ObjectStorage, error
5962

6063
// Open a file
6164
func (l *LocalStorage) Open(path string) (Object, error) {
65+
if !l.isValid(path) {
66+
return nil, ErrLocalPathNotSupported
67+
}
6268
return os.Open(filepath.Join(l.dir, path))
6369
}
6470

6571
// Save a file
6672
func (l *LocalStorage) Save(path string, r io.Reader, size int64) (int64, error) {
73+
if !l.isValid(path) {
74+
return 0, ErrLocalPathNotSupported
75+
}
76+
6777
p := filepath.Join(l.dir, path)
6878
if err := os.MkdirAll(filepath.Dir(p), os.ModePerm); err != nil {
6979
return 0, err
@@ -107,8 +117,19 @@ func (l *LocalStorage) Stat(path string) (os.FileInfo, error) {
107117
return os.Stat(filepath.Join(l.dir, path))
108118
}
109119

120+
func (l *LocalStorage) isValid(path string) bool {
121+
a, err := filepath.Abs(path)
122+
if err != nil {
123+
return false
124+
}
125+
return a == "/"+path
126+
}
127+
110128
// Delete delete a file
111129
func (l *LocalStorage) Delete(path string) error {
130+
if !l.isValid(path) {
131+
return ErrLocalPathNotSupported
132+
}
112133
p := filepath.Join(l.dir, path)
113134
return util.Remove(p)
114135
}

routers/web/repo/lfs.go

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -253,6 +253,13 @@ func LFSFileGet(ctx *context.Context) {
253253
}
254254
ctx.Data["LFSFilesLink"] = ctx.Repo.RepoLink + "/settings/lfs"
255255
oid := ctx.Params("oid")
256+
257+
p := lfs.Pointer{Oid: oid}
258+
if !p.IsValid() {
259+
ctx.NotFound("LFSDelete", nil)
260+
return
261+
}
262+
256263
ctx.Data["Title"] = oid
257264
ctx.Data["PageIsSettingsLFS"] = true
258265
meta, err := models.GetLFSMetaObjectByOid(ctx.Repo.Repository.ID, oid)
@@ -343,6 +350,12 @@ func LFSDelete(ctx *context.Context) {
343350
return
344351
}
345352
oid := ctx.Params("oid")
353+
p := lfs.Pointer{Oid: oid}
354+
if !p.IsValid() {
355+
ctx.NotFound("LFSDelete", nil)
356+
return
357+
}
358+
346359
count, err := models.RemoveLFSMetaObjectByOid(ctx.Repo.Repository.ID, oid)
347360
if err != nil {
348361
ctx.ServerError("LFSDelete", err)

0 commit comments

Comments
 (0)