From b602bdafcd302133cf3ca0f59df467ed6da125b2 Mon Sep 17 00:00:00 2001
From: Nandavardhan8 <180159032+Nandavardhan8@users.noreply.github.com>
Date: Thu, 31 Oct 2024 18:14:58 +0530
Subject: [PATCH] fix for the CVE-2022-31836
 4ca2780dbf19d137746041886525fdebe594e50a (#5707)

Co-authored-by: Ming Deng <mingflycash@gmail.com>
---
 CHANGELOG.md                                       |   1 +
 server/web/session/ledis/http:/host:port/LOCK      |   0
 .../http:/host:port/goleveldb_data/000001.log      |   0
 .../ledis/http:/host:port/goleveldb_data/CURRENT   |   1 +
 .../ledis/http:/host:port/goleveldb_data/LOCK      |   0
 .../ledis/http:/host:port/goleveldb_data/LOG       |   6 ++++++
 .../http:/host:port/goleveldb_data/MANIFEST-000000 | Bin 0 -> 54 bytes
 7 files changed, 8 insertions(+)
 create mode 100644 server/web/session/ledis/http:/host:port/LOCK
 create mode 100644 server/web/session/ledis/http:/host:port/goleveldb_data/000001.log
 create mode 100644 server/web/session/ledis/http:/host:port/goleveldb_data/CURRENT
 create mode 100644 server/web/session/ledis/http:/host:port/goleveldb_data/LOCK
 create mode 100644 server/web/session/ledis/http:/host:port/goleveldb_data/LOG
 create mode 100644 server/web/session/ledis/http:/host:port/goleveldb_data/MANIFEST-000000

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d93e9f12..b9e6b895 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,5 @@
 # developing
+- [Fix issue 4961, `leafInfo.match()` use `path.join()` to deal with `wildcardValues`, which may lead to cross directory risk ](https://github.com/beego/beego/pull/4964)
 
 # v2.1.2
 - [refactor: CONTRIBUTING.md file grammatical improvements](https://github.com/beego/beego/issues/5411)
diff --git a/server/web/session/ledis/http:/host:port/LOCK b/server/web/session/ledis/http:/host:port/LOCK
new file mode 100644
index 00000000..e69de29b
diff --git a/server/web/session/ledis/http:/host:port/goleveldb_data/000001.log b/server/web/session/ledis/http:/host:port/goleveldb_data/000001.log
new file mode 100644
index 00000000..e69de29b
diff --git a/server/web/session/ledis/http:/host:port/goleveldb_data/CURRENT b/server/web/session/ledis/http:/host:port/goleveldb_data/CURRENT
new file mode 100644
index 00000000..feda7d6b
--- /dev/null
+++ b/server/web/session/ledis/http:/host:port/goleveldb_data/CURRENT
@@ -0,0 +1 @@
+MANIFEST-000000
diff --git a/server/web/session/ledis/http:/host:port/goleveldb_data/LOCK b/server/web/session/ledis/http:/host:port/goleveldb_data/LOCK
new file mode 100644
index 00000000..e69de29b
diff --git a/server/web/session/ledis/http:/host:port/goleveldb_data/LOG b/server/web/session/ledis/http:/host:port/goleveldb_data/LOG
new file mode 100644
index 00000000..2a1f7d8e
--- /dev/null
+++ b/server/web/session/ledis/http:/host:port/goleveldb_data/LOG
@@ -0,0 +1,6 @@
+=============== Sep 23, 2024 (IST) ===============
+13:20:45.857549 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
+13:20:45.857715 db@open opening
+13:20:46.025077 version@stat F·[] S·0B[] Sc·[]
+13:20:46.127801 db@janitor F·2 G·0
+13:20:46.127844 db@open done T·270.109817ms
diff --git a/server/web/session/ledis/http:/host:port/goleveldb_data/MANIFEST-000000 b/server/web/session/ledis/http:/host:port/goleveldb_data/MANIFEST-000000
new file mode 100644
index 0000000000000000000000000000000000000000..9d54f6733b1364dc8d53dd15ca59a6ec36a1c29d
GIT binary patch
literal 54
zcmdmC5aOo9z{n_-lUkOVlai$8R9TW*o>`pgoS$2eSd>_jU&O?~%*ev9Y~pbaHU>r}
JMrI}!1^~s!4paaD

literal 0
HcmV?d00001