lywsvip/codefever
1
0
Fork 0
mirror of https://github.com/PGYER/codefever.git synced 2026-06-04 08:37:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(Command): filter "`" for comamnd (shell inject)

Browse Source
This commit is contained in:
cubic
2023-03-27 12:07:44 +08:00
parent ab2b675247
commit dd1d1f2a8a
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
application/models/repository_model.php
View File

@@ -1466,14 +1466,14 @@ class Repository_model extends CI_Model
return FALSE;
}
$branch = Command::wrapArgument($branch);
$filePath = Command::wrapArgument($filePath);
$command = GitCommand::getLastLog($branch, $filePath, $lastSha);
if (!$command) {
return FALSE;
}
$branch = Command::wrapArgument($branch);
$filePath = Command::wrapArgument($filePath);
$log = $this->execCommand($rKey, $uKey, GIT_COMMAND_QUERY, $command);
$log = rtrim($log, Helper::getDelimiter() . "\n");
$log = $this->_logStringToArray($log);