Please sign in to comment.
Fixed url decoding in http gitolite command bypass.
Only '+' sign was unescaped in `http_simulate_ssh_connection()`. When user translates `ssh git@host perms <repo> + <role> <user>` to `curl https://host/git/perms?<repo>+%2b+<role>+<user>` nothing happens. This commit fixes it modifying url unescaping. committer notes: changed the regex per 'man URI::Escape'
- Loading branch information...