@@ -16,16 +16,18 @@ import (
1616 "strings"
1717 "time"
1818
19+ "github.com/pkg/errors"
1920 gouuid "github.com/satori/go.uuid"
2021 "github.com/unknwon/com"
2122
2223 "github.com/gogs/git-module"
2324
2425 "gogs.io/gogs/internal/conf"
2526 "gogs.io/gogs/internal/cryptoutil"
26- "gogs.io/gogs/internal/db/errors"
27+ dberrors "gogs.io/gogs/internal/db/errors"
2728 "gogs.io/gogs/internal/gitutil"
2829 "gogs.io/gogs/internal/osutil"
30+ "gogs.io/gogs/internal/pathutil"
2931 "gogs.io/gogs/internal/process"
3032 "gogs.io/gogs/internal/tool"
3133)
@@ -134,7 +136,7 @@ func (repo *Repository) UpdateRepoFile(doer *User, opts UpdateRepoFileOptions) (
134136 if opts .OldBranch != opts .NewBranch {
135137 // Directly return error if new branch already exists in the server
136138 if git .RepoHasBranch (repoPath , opts .NewBranch ) {
137- return errors .BranchAlreadyExists {Name : opts .NewBranch }
139+ return dberrors .BranchAlreadyExists {Name : opts .NewBranch }
138140 }
139141
140142 // Otherwise, delete branch from local copy in case out of sync
@@ -449,11 +451,16 @@ func isRepositoryGitPath(path string) bool {
449451 return strings .HasSuffix (path , ".git" ) || strings .Contains (path , ".git" + string (os .PathSeparator ))
450452}
451453
452- func (repo * Repository ) UploadRepoFiles (doer * User , opts UploadRepoFileOptions ) ( err error ) {
454+ func (repo * Repository ) UploadRepoFiles (doer * User , opts UploadRepoFileOptions ) error {
453455 if len (opts .Files ) == 0 {
454456 return nil
455457 }
456458
459+ // Prevent uploading files into the ".git" directory
460+ if isRepositoryGitPath (opts .TreePath ) {
461+ return errors .Errorf ("bad tree path %q" , opts .TreePath )
462+ }
463+
457464 uploads , err := GetUploadsByUUIDs (opts .Files )
458465 if err != nil {
459466 return fmt .Errorf ("get uploads by UUIDs[%v]: %v" , opts .Files , err )
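Review bot: The new guard at the top of UploadRepoFiles tests `opts.TreePath` exactly as the caller supplied it, whereas the later hunk runs `upload.Name` through `pathutil.Clean` before the same test. Unless every caller already normalizes the tree path (not visible here), the two inputs that make up the destination are validated under different rules. I would normalize first, `opts.TreePath = pathutil.Clean(opts.TreePath)`, directly above the `isRepositoryGitPath(opts.TreePath)` check, so the value that is checked is also the value that is used afterwards. What `pathutil.Clean` does is not shown on this page, and the function body continues outside the hunk, so confirm that the cleaned value is what later gets joined into the target path.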
@@ -487,7 +494,9 @@ func (repo *Repository) UploadRepoFiles(doer *User, opts UploadRepoFileOptions)
487494 continue
488495 }
489496
490- // Prevent copying files into .git directory, see https://gogs.io/gogs/issues/5558.
497+ upload .Name = pathutil .Clean (upload .Name )
498+
499+ // Prevent uploading files into the ".git" directory
491500 if isRepositoryGitPath (upload .Name ) {
492501 continue
493502 }
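Review bot: The `isRepositoryGitPath(upload.Name)` guard is only as strict as the helper shown as context in the previous hunk, which does a case-sensitive match on ".git" and looks only for `os.PathSeparator` after it. On a case-insensitive filesystem, or where the name uses a different separator than the host's, a path that still resolves inside the repository metadata directory may not match; this depends on what `pathutil.Clean` normalizes, which is not visible here. Consider having the helper split the cleaned path into components and compare each against ".git" with `strings.EqualFold`, with a table test covering mixed case and both separators. Separately, a rejected upload is skipped with a bare `continue`, while a bad tree path returns an error; returning `errors.Errorf("bad file name %q", upload.Name)`, or at least logging the skip, would leave a trace of blocked attempts. The loop and the rest of the function lie outside this hunk.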