chengjingtao
1f40a88b0c
Fix CVE-2021-27116 CVE-2021-27117
...
1. Adding O_NOFOLLOW flag to prevent symlink attacks
These changes help protect against various security issues including:
- Symlink attacks where attackers could trick the application into modifying unintended files
- Privilege escalation through improper file permissions
Signed-off-by: chengjingtao <jtcheng0616@gmail.com>
2025-03-15 21:52:43 +08:00
cangqiaoyuzhuo
5e9c913b47
fix: fix incorrect nil return value
...
Signed-off-by: cangqiaoyuzhuo <850072022@qq.com>
2025-02-28 23:22:18 +08:00
zhuhaicity
5da7cabb59
chore: fix some function names in comment
...
Signed-off-by: zhuhaicity <zhuhai@52it.net>
2025-01-12 15:08:34 +08:00
Ming Deng
a21efb5613
fix issue 5732 (#5735)
2025-01-01 10:25:23 +08:00
Stone
e7fa4835f7
modify: file cache writer md5 to sha256 (#5727)
...
* modify: file cache writer md5 to sha256
* modify: file cache writer md5 to sha256
* modify: file cache writer md5 to sha256
2024-12-08 22:30:41 +08:00
Deng Ming
bb72dc27ac
fix 5720: the formValue should read the first value
2024-11-20 22:03:38 +08:00
lengpucheng
b510342640
Delete server/web/session/ledis/http:/host:port directory (#5717)
...
remove server/web/session/ledis/http:/host:port directory because it is not legal on Windows
2024-11-18 18:38:46 +08:00
Nandavardhan8
b602bdafcd
fix for the CVE-2022-31836 4ca2780dbf19d137746041886525fdebe594e50a (#5707)
...
Co-authored-by: Ming Deng <mingflycash@gmail.com>
2024-10-31 20:44:58 +08:00
binlihpu
d5830a0fc2
Update log.go
...
fix comment
2024-10-06 14:45:59 +08:00
luxcgo
0654bff7d5
use sync.Once to replace lock (#5710)
...
* use atomic operation to optimize performance
* use sync.Once to replace lock
2024-10-05 22:43:21 +08:00
Fahad Khan
cbfbf97af1
added BootStrap call in case where default db name is not used
2024-09-21 16:44:12 +08:00
Deng Ming
0f78ddc53a
Add validation CustomFunction example
2024-09-02 14:14:33 +08:00
HaoYu Zhang
d82475935d
add Enum string to validators (#5697)
...
* feature: add Enum string to validators
* feature: add information for Enum errors
2024-08-22 21:32:16 +08:00
Fahad
8ee564a34c
Added support for select with options tag for templatefun.RenderForm (#5691)
...
* Added support for `select` with `options` tag for templatefun.RenderForm
* removing unwanted spaces
* added test for select in RenderForm
2024-08-17 15:45:24 +08:00
dependabot[bot]
665cf3504f
build(deps): bump google.golang.org/protobuf from 1.34.1 to 1.34.2
...
Bumps google.golang.org/protobuf from 1.34.1 to 1.34.2.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-07 12:10:19 +08:00
dependabot[bot]
3cb34a8dd1
build(deps): bump golang.org/x/crypto from 0.23.0 to 0.24.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.23.0 to 0.24.0.
- [Commits](https://github.com/golang/crypto/compare/v0.23.0...v0.24.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-02 15:05:11 +08:00
Alan Xu
d269d74cd2
docs(session): fix session doc (#5687)
2024-08-02 12:43:36 +08:00
Alan Xu
06d869664a
session: Support SessionReleaseIfPresent to avoid concurrent problem (#5685)
2024-07-31 21:44:47 +08:00
Alan Xu
bdb7e7a904
docs(log_store.go): fix typo
...
fix typo
2024-07-29 15:55:33 +08:00
tsinghuacoder
edc0260560
chore: fix comment
...
Signed-off-by: tsinghuacoder <tsinghuacoder@icloud.com>
2024-07-24 17:06:24 +08:00
LumenShip
bb43fb19d9
Update orm_log.go
...
Refactor debugLogQueries function in orm_log.go
The debugLogQueries function in orm_log.go was modified to fix typos, streamline the formatting of log entries, and include additional data. Key changes include the addition of new entries to logMap, including "alias_name", "operation", "query", "cons", and "err". DebugLog also replaces logs.DebugLog to output the log entry.
2024-07-06 16:56:52 +08:00
Ming Deng
84dcf68cb1
Merge pull request #5675 from flycash/master
...
feat(validation): add Label to error struct
2024-07-01 19:38:47 +08:00
Deng Ming
dc77027b80
using tsl0922/ssdb as test image
2024-07-01 19:37:42 +08:00
hamidreza abedi
fac100ff37
feat(validation): add Label to error struct
2024-07-01 19:37:22 +08:00
dependabot[bot]
05f624fe09
build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.1
...
Bumps google.golang.org/protobuf from 1.33.0 to 1.34.1.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-26 14:25:36 +08:00
Rafiudeen Chozhan Kumarasamy
92ea020d06
Update README.md
...
Added *go mod tidy* before *go build*.
2024-05-26 14:17:38 +08:00
dependabot[bot]
7ef0553990
build(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/crypto/compare/v0.22.0...v0.23.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-15 22:10:56 +08:00
dependabot[bot]
095dbf734d
build(deps): bump golang.org/x/net from 0.21.0 to 0.23.0
...
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0)
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-07 11:25:11 +08:00
Deng Ming
8f89e12e6c
fix GHSA-6g9p-wv47-4fxq
2024-04-25 16:55:18 +08:00
guangwu
5a366cd62b
fix: close file in the GrepFile func
2024-04-18 15:14:43 +08:00
wujiabang
d703f533d0
resolve #5604: using double instead of single hyphen when forking a child process.
2024-04-12 20:16:44 +08:00
Deng Ming
35483381a0
update docsite
2024-04-08 23:28:29 +08:00
Deng Ming
c1bd461068
actions: reuse the feedback action
2024-04-08 17:50:25 +08:00
Deng Ming
0f9372234c
github: provide an action to make sure all users raise the issues following the template
2024-04-08 17:14:35 +08:00
dependabot[bot]
90dc9e833e
build(deps): bump google.golang.org/grpc from 1.41.0 to 1.63.0
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.41.0 to 1.63.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.41.0...v1.63.0)
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-06 17:11:23 +08:00
dependabot[bot]
c562b472de
build(deps): bump golang.org/x/crypto from 0.20.0 to 0.22.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.20.0 to 0.22.0.
- [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.22.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-06 16:55:56 +08:00
dependabot[bot]
f83ad57686
build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0
...
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.6.0 to 0.7.0.
- [Commits](https://github.com/golang/sync/compare/v0.6.0...v0.7.0)
---
updated-dependencies:
- dependency-name: golang.org/x/sync
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-06 16:51:02 +08:00
Deng Ming
cb8de70d42
update website information
2024-04-06 16:46:35 +08:00
seiya
196eb6b7cc
remove unnecessary elements in keys in Signature()
2024-04-06 16:46:23 +08:00
Deng Ming
cca1f2f6e6
Refine the Readme v2
2024-04-04 17:17:52 +08:00
Ming Deng
b5edc16712
refine the README (#5625)
2024-04-04 17:16:12 +08:00
dependabot[bot]
f55655e65f
build(deps): bump github.com/go-sql-driver/mysql from 1.7.0 to 1.8.1 (#5619)
...
Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) from 1.7.0 to 1.8.1.
- [Release notes](https://github.com/go-sql-driver/mysql/releases)
- [Changelog](https://github.com/go-sql-driver/mysql/blob/v1.8.1/CHANGELOG.md)
- [Commits](https://github.com/go-sql-driver/mysql/compare/v1.7.0...v1.8.1)
---
updated-dependencies:
- dependency-name: github.com/go-sql-driver/mysql
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-31 21:45:10 +08:00
Seiya
0609076950
use filepath.Join() to build file paths (#5617)
...
* use filepath.Join() to build file paths
* use filepath.Join() to build file paths
2024-03-31 21:26:35 +08:00
Ming Deng
97066459ed
fix 5620: ensure cookie always use the config (#5621)
2024-03-31 21:25:28 +08:00
James Kang
a287c2ba81
server: fix typo (#5618)
...
Signed-off-by: majorteach <csgcgl@126.com>
2024-03-31 21:25:11 +08:00
racerole
29de4e3a3d
chore: remove repetitive words
...
Signed-off-by: racerole <jiangyifeng@outlook.com>
2024-03-12 23:40:09 +08:00
dependabot[bot]
93f693a356
build(deps): bump github.com/prometheus/client_golang (#5605)
...
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.16.0 to 1.19.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/v1.19.0/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.16.0...v1.19.0)
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-07 15:08:53 +08:00
dependabot[bot]
b6ec6b680b
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.7 to 1.14.22 (#5583)
...
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.7 to 1.14.22.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.7...v1.14.22)
---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-07 14:27:08 +08:00
dependabot[bot]
ac23b684c5
build(deps): bump github.com/google/uuid from 1.2.0 to 1.6.0 (#5582)
...
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.2.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.2.0...v1.6.0)
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-07 14:19:42 +08:00
dependabot[bot]
4bd533bbba
build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.9.0 (#5608)
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.9.0)
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-07 14:10:24 +08:00