1
0
mirror of https://github.com/go-gitea/gitea.git synced 2024-10-30 13:55:36 +03:00
gitea/modules
Michael Kuhn 0222623be9 Explicitly disable Git credential helper (#5367)
* Explicitly disable Git credential helper

If the user running Gitea has configured a credential helper, Git
credentials might leak out of Gitea.

There are two problems with credential helpers when combined with Gitea:

1. Credentials entered by a user when doing a migration or setting up a
   mirror will end up in the credential store. In the worst case, this
   is the plain text file ~/.git-credentials.
2. Credentials in the credential store will be used for migrations and
   mirrors by all users. For example, if user A sets up a mirror, their
   credentials will be stored. If user B later sets up a mirror from the
   same host and does not enter any credentials, user A's credentials
   will be used.

This PR prepends -c credential.helper= to all Git commands to clear the
list of helpers. This requires at least Git version 2.9, as previous
versions will try to load an empty helper instead. For more details, see
24321375cd

* Update git module
2018-11-28 09:00:25 +02:00
..
auth Block registration based on email domain (#5157) 2018-11-14 20:00:04 -05:00
avatar Use assert in legacy unit tests (#867) 2017-02-08 14:29:07 +08:00
base Serve audio files using HTML5 audio tag (#5221) 2018-10-30 10:17:26 +08:00
cache Fix memcache support when value is returned as string always (#2924) 2017-11-16 15:06:34 +08:00
context Add raw blob endpoint to get objects by SHA ID (#5334) 2018-11-18 13:45:40 -05:00
cron Add branch overiew page (#2108) 2017-10-26 08:49:16 +08:00
generate Implements generator cli for secrets (#3531) 2018-02-18 20:14:37 +02:00
highlight No highlighting for .txt files (#1922) 2017-06-09 19:39:16 -05:00
httplib Add sensitive headers (#3429) 2018-01-31 00:09:16 +02:00
indexer Global code search support (#3664) 2018-03-16 22:04:33 +08:00
lfs add valid for lfs oid (#4461) 2018-07-19 11:39:19 -04:00
log Remove maxlines option for file logger (#5282) 2018-11-07 06:48:53 +02:00
mailer Explicitly decide whether to use TLS in mailer's configuration (#5024) 2018-11-26 14:21:41 -05:00
markup support envs on external render commands (#5278) 2018-11-20 17:11:21 -05:00
metrics Prometheus endpoint (#5256) 2018-11-04 22:20:00 -05:00
minwinsvc Fix Git hooks not being executed on Windows when running as a service (#1149) 2017-03-09 09:27:43 +08:00
notification Add notification interface and refactor UI notifications (#5085) 2018-10-18 19:23:05 +08:00
options Fix typos in models/ and modules/ (#1248) 2017-03-15 08:52:01 +08:00
pprof cmd/serve: pprof cpu and memory profile dumps to disk (#4560) 2018-08-07 14:49:18 -04:00
private Make gitea serv use api/internal (#4886) 2018-10-30 14:20:13 +08:00
process Fix run command race (#1470) 2017-11-13 22:51:45 +08:00
public Enable caching on assets and avatars (#3376) 2018-02-04 00:37:05 +02:00
recaptcha Add Recaptcha functionality to Gitea (#4044) 2018-07-05 00:13:05 -04:00
search Global code search support (#3664) 2018-03-16 22:04:33 +08:00
setting Explicitly disable Git credential helper (#5367) 2018-11-28 09:00:25 +02:00
ssh Configurable SSH key exchange algorithm and MAC suite (#2806) 2017-11-02 23:26:41 +08:00
sync Fix status table race condition (#1835) 2017-05-31 16:57:17 +08:00
templates Create Progressive Web App (#4730) 2018-11-27 10:18:26 -05:00
test API endpoint for testing webhook (#3550) 2018-04-29 14:21:33 +08:00
user Remove check for negative length (#5120) 2018-10-20 17:25:14 -04:00
util Fix open redirect vulnerability on login screen (#4312) 2018-06-26 22:45:18 +08:00
validation Improve URL validation for external wiki and external issues (#4710) 2018-08-15 09:29:37 +03:00