Merge pull request #158 from maddingo/master

The change fixes a serious vulnerability in the git repository code
2 parents fdca404 + d979bc7 commit c70a17bcd7d57f72101ae68b9a163839cd5dd04b @ericpaulbishop committed Apr 29, 2012
Showing with 3 additions and 0 deletions.
  1. +3 −0 lib/git_hosting/patches/git_adapter_patch.rb
@@ -37,6 +37,9 @@ def client_command_with_sudo
def scm_cmd_with_sudo(*args, &block)
+ args.each do |a|
+ a.gsub!(/^\.\-\w_\:]/, '')
+ end
max_cache_time = (Setting.plugin_redmine_git_hosting['gitCacheMaxTime']).to_i # in seconds, default = 60
max_cache_elements = (Setting.plugin_redmine_git_hosting['gitCacheMaxElements']).to_i # default = 100
max_cache_size = (Setting.plugin_redmine_git_hosting['gitCacheMaxSize']).to_i*1024*1024 # In MB, default = 16MB, converted to bytes
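Review bot: The pattern in the added line `a.gsub!(/^\.\-\w_\:]/, '')` is missing the opening `[` of what looks like an intended negated character class, `[^\.\-\w_\:]`. As written, `^` is a line-start anchor followed by a literal `.`, a literal `-`, one word character, `_`, `:` and a literal `]`, so the substitution only fires on that exact sequence at the start of a line and every other character in `args` passes through unchanged. Please restore the bracket and add a test that feeds an argument containing shell metacharacters through `scm_cmd_with_sudo`. Two smaller points on the same three lines: `gsub!` mutates the caller's strings in place and will raise if an element of `args` is frozen or is not a String, so building a new array with non-mutating `gsub` is safer; and once the class is corrected it will also delete `/` and spaces, which may alter legitimate path arguments, so rejecting the argument or shell-escaping it is worth considering over silently dropping characters.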
