Fix dump release asset bug (#36799)

Lunny Xiao
2026-03-05 12:30:57 -08:00
committed by GitHub
parent 9fe5b70e3e
commit 833304ac15


@@ -288,12 +288,13 @@ func (g *RepositoryDumper) CreateLabels(_ context.Context, labels ...*base.Label
func (g *RepositoryDumper) CreateReleases(_ context.Context, releases ...*base.Release) error {
if g.opts.ReleaseAssets {
for _, release := range releases {
attachDir := filepath.Join("release_assets", release.TagName)
attachDir := filepath.Join("release_assets", uuid.New().String())
if err := os.MkdirAll(filepath.Join(g.baseDir, attachDir), os.ModePerm); err != nil {
return err
}
for _, asset := range release.Assets {
attachLocalPath := filepath.Join(attachDir, asset.Name)
// we cannot use asset.Name because it might contains special characters.
attachLocalPath := filepath.Join(attachDir, uuid.New().String())
// SECURITY: We cannot check the DownloadURL and DownloadFunc are safe here
// ... we must assume that they are safe and simply download the attachment