
Fix security vulnerability: Can execute code with git user's privileges. See similar change in chiliproject code (maddingo/chiliproject@de93e79)
1 parent fdca404 commit d979bc7223fa767d19c3a21ce173bfd44a2510e0 @maddingo maddingo committed Apr 27, 2012
Showing with 3 additions and 0 deletions.
  1. +3 −0 lib/git_hosting/patches/git_adapter_patch.rb
@@ -37,6 +37,9 @@ def client_command_with_sudo
def scm_cmd_with_sudo(*args, &block)
+ args.each do |a|
+ a.gsub!(/^\.\-\w_\:]/, '')
+ end
max_cache_time = (Setting.plugin_redmine_git_hosting['gitCacheMaxTime']).to_i # in seconds, default = 60
max_cache_elements = (Setting.plugin_redmine_git_hosting['gitCacheMaxElements']).to_i # default = 100
max_cache_size = (Setting.plugin_redmine_git_hosting['gitCacheMaxSize']).to_i*1024*1024 # In MB, default = 16MB, converted to bytes
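Review bot: The pattern in the added `a.gsub!(/^\.\-\w_\:]/, '')` line has a closing `]` with no opening `[`, so as shown it is not a negated character class. It only matches the literal sequence `.`, `-`, one word character, `_`, `:`, `]` at the start of a line, which means shell metacharacters in `args` pass through unchanged. If the intent is an allow-list, the class needs its opening bracket before the caret (`/[^\.\-\w_\:]/`), and the `\w` already covers `_`. Two further points on the same loop: `gsub!` mutates the caller's strings in place and will raise on frozen strings or non-String arguments, so building a cleaned copy (`args.map { |a| a.to_s.gsub(...) }`) is safer. Also, an allow-list limited to `.`, `-`, `:` and word characters would strip `/` and spaces, so check whether any caller passes paths or revision ranges through `scm_cmd_with_sudo`. A test that feeds an argument containing `;` or a backtick and asserts on the resulting command would confirm the fix does what the commit message says.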
