diff options
| author | Runxi Yu <me@runxiyu.org> | 2025-03-25 13:25:54 +0800 |
|---|---|---|
| committer | Runxi Yu <me@runxiyu.org> | 2025-03-25 13:25:54 +0800 |
| commit | 0ce67150e04a1df32b06495fa04328302b3a2fef (patch) | |
| tree | 4149bc10c569cbcae517010d393a1f7b74f6b746 /http_server.go | |
| parent | Fix index page padding wrapper containment (diff) | |
| download | forge-0ce67150e04a1df32b06495fa04328302b3a2fef.tar.gz forge-0ce67150e04a1df32b06495fa04328302b3a2fef.tar.zst forge-0ce67150e04a1df32b06495fa04328302b3a2fef.zip | |
Fix out of bounds in commit path handling
Diffstat (limited to 'http_server.go')
| -rw-r--r-- | http_server.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/http_server.go b/http_server.go index c8528fe..de78650 100644 --- a/http_server.go +++ b/http_server.go @@ -220,6 +220,10 @@ func (router *forgeHTTPRouter) ServeHTTP(writer http.ResponseWriter, request *ht } httpHandleRepoLog(writer, request, params) case "commit": + if len(segments) != sepIndex+5 { + errorPage400(writer, params, "Incorrect number of parameters") + return + } if redirectNoDir(writer, request) { return } |