4824 Commits

Author SHA1 Message Date
lengpucheng
8b65fc75c4
fixed #5763,fixed #5760 : Add utils.securopen func to fix not syscall.O_NOFOLLOW on Windows (#5764) 2025-04-04 23:24:26 +08:00
llchry
5fa33bc11b Update db_oracle.go
fix dbbase.GetColumns expected 3 destination arguments but only query one in Oracle
2025-03-26 15:42:05 +08:00
Ville Vesilehto
939bb18c66 fix: add proper HTML escaping in renderFormField
Enhances template safety by escaping user-provided values before inserting
them into HTML output. Improves the function by consistently using escaped
variables throughout the implementation.

- Adds template.HTMLEscapeString for all dynamic values
- Updates variable naming for consistency (escapedName, idAttr, etc.)
- Adds tests to verify proper character escaping works as expected

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-03-26 15:38:28 +08:00
chengjingtao
1f40a88b0c Fix CVE-2021-27116 CVE-2021-27117
1. Adding O_NOFOLLOW flag to prevent symlink attacks

These changes help protect against various security issues including:

- Symlink attacks where attackers could trick the application into modifying unintended files
- Privilege escalation through improper file permissions

Signed-off-by: chengjingtao <jtcheng0616@gmail.com>
2025-03-15 21:52:43 +08:00
cangqiaoyuzhuo
5e9c913b47 fix: fix incorrect nil return value
Signed-off-by: cangqiaoyuzhuo <850072022@qq.com>
2025-02-28 23:22:18 +08:00
zhuhaicity
5da7cabb59 chore: fix some function names in comment
Signed-off-by: zhuhaicity <zhuhai@52it.net>
2025-01-12 15:08:34 +08:00
Ming Deng
a21efb5613
fix issue 5732 (#5735) 2025-01-01 10:25:23 +08:00
Stone
e7fa4835f7
modify: file cache writer md5 to sha256 (#5727)
* modify: file cache writer md5 to sha256

* modify: file cache writer md5 to sha256

* modify: file cache writer md5 to sha256
2024-12-08 22:30:41 +08:00
Deng Ming
bb72dc27ac fix 5720: the formValue should read the first value 2024-11-20 22:03:38 +08:00
lengpucheng
b510342640
Delete server/web/session/ledis/http:/host:port directory (#5717)
remove server/web/session/ledis/http:/host:port directory because it is not legal on Windows
2024-11-18 18:38:46 +08:00
Nandavardhan8
b602bdafcd
fix for the CVE-2022-31836 4ca2780dbf19d137746041886525fdebe594e50a (#5707)
Co-authored-by: Ming Deng <mingflycash@gmail.com>
2024-10-31 20:44:58 +08:00
binlihpu
d5830a0fc2 Update log.go
fix comment
2024-10-06 14:45:59 +08:00
luxcgo
0654bff7d5
use sync.Once to replace lock (#5710)
* use atomic operation to optimize performance

* use sync.Once to replace lock
2024-10-05 22:43:21 +08:00
Fahad Khan
cbfbf97af1 added BootStrap call in case where default db name is not used 2024-09-21 16:44:12 +08:00
Deng Ming
0f78ddc53a Add validation CustomFunction example 2024-09-02 14:14:33 +08:00
HaoYu Zhang
d82475935d
add Enum string to validators (#5697)
* feature: add Enum string to validators

* feature: add information for Enum errors
2024-08-22 21:32:16 +08:00
Fahad
8ee564a34c
Added support for select with options tag for templatefun.RenderForm (#5691)
* Added support for `select` with `options` tag for templatefun.RenderForm

* removing unwanted spaces

* added test for select in RenderForm
2024-08-17 15:45:24 +08:00
dependabot[bot]
665cf3504f build(deps): bump google.golang.org/protobuf from 1.34.1 to 1.34.2
Bumps google.golang.org/protobuf from 1.34.1 to 1.34.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-07 12:10:19 +08:00
dependabot[bot]
3cb34a8dd1 build(deps): bump golang.org/x/crypto from 0.23.0 to 0.24.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.23.0 to 0.24.0.
- [Commits](https://github.com/golang/crypto/compare/v0.23.0...v0.24.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-02 15:05:11 +08:00
Alan Xu
d269d74cd2
docs(session): fix session doc (#5687) 2024-08-02 12:43:36 +08:00
Alan Xu
06d869664a
session: Support SessionReleaseIfPresent to avoid concurrent problem (#5685) 2024-07-31 21:44:47 +08:00
Alan Xu
bdb7e7a904 docs(log_store.go): fix typo
fix typo
2024-07-29 15:55:33 +08:00
tsinghuacoder
edc0260560 chore: fix comment
Signed-off-by: tsinghuacoder <tsinghuacoder@icloud.com>
2024-07-24 17:06:24 +08:00
LumenShip
bb43fb19d9 Update orm_log.go
Refactor debugLogQueries function in orm_log.go

The debugLogQueries function in orm_log.go was modified to fix typos, streamline the formatting of log entries, and include additional data. Key changes include the addition of new entries to logMap, including "alias_name", "operation", "query", "cons", and "err". DebugLog also replaces logs.DebugLog to output the log entry.
2024-07-06 16:56:52 +08:00
Ming Deng
84dcf68cb1
Merge pull request #5675 from flycash/master
feat(validation): add Label to error struct
2024-07-01 19:38:47 +08:00
Deng Ming
dc77027b80 using tsl0922/ssdb as test image 2024-07-01 19:37:42 +08:00
hamidreza abedi
fac100ff37 feat(validation): add Label to error struct 2024-07-01 19:37:22 +08:00
dependabot[bot]
05f624fe09 build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.1
Bumps google.golang.org/protobuf from 1.33.0 to 1.34.1.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-26 14:25:36 +08:00
Rafiudeen Chozhan Kumarasamy
92ea020d06 Update README.md
Added *go mod tidy* before *go build*.
2024-05-26 14:17:38 +08:00
dependabot[bot]
7ef0553990 build(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/crypto/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-15 22:10:56 +08:00
dependabot[bot]
095dbf734d build(deps): bump golang.org/x/net from 0.21.0 to 0.23.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-07 11:25:11 +08:00
Deng Ming
8f89e12e6c fix GHSA-6g9p-wv47-4fxq 2024-04-25 16:55:18 +08:00
guangwu
5a366cd62b fix: close file in the GrepFile func 2024-04-18 15:14:43 +08:00
wujiabang
d703f533d0 resolve #5604: using double instead of single hyphen when forking a child process. 2024-04-12 20:16:44 +08:00
Deng Ming
35483381a0 update docsite 2024-04-08 23:28:29 +08:00
Deng Ming
c1bd461068 actions: reuse the feedback action 2024-04-08 17:50:25 +08:00
Deng Ming
0f9372234c github: provide an action to make sure all users raise the issues following the template 2024-04-08 17:14:35 +08:00
dependabot[bot]
90dc9e833e build(deps): bump google.golang.org/grpc from 1.41.0 to 1.63.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.41.0 to 1.63.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.41.0...v1.63.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-06 17:11:23 +08:00
dependabot[bot]
c562b472de build(deps): bump golang.org/x/crypto from 0.20.0 to 0.22.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.20.0 to 0.22.0.
- [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-06 16:55:56 +08:00
dependabot[bot]
f83ad57686 build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.6.0 to 0.7.0.
- [Commits](https://github.com/golang/sync/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-06 16:51:02 +08:00
Deng Ming
cb8de70d42 update website information 2024-04-06 16:46:35 +08:00
seiya
196eb6b7cc remove unnecessary elements in keys in Signature() 2024-04-06 16:46:23 +08:00
Deng Ming
cca1f2f6e6 Refine the Readme v2 2024-04-04 17:17:52 +08:00
Ming Deng
b5edc16712
refine the README (#5625) 2024-04-04 17:16:12 +08:00
dependabot[bot]
f55655e65f
build(deps): bump github.com/go-sql-driver/mysql from 1.7.0 to 1.8.1 (#5619)
Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) from 1.7.0 to 1.8.1.
- [Release notes](https://github.com/go-sql-driver/mysql/releases)
- [Changelog](https://github.com/go-sql-driver/mysql/blob/v1.8.1/CHANGELOG.md)
- [Commits](https://github.com/go-sql-driver/mysql/compare/v1.7.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/go-sql-driver/mysql
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-31 21:45:10 +08:00
Seiya
0609076950
use filepath.Join() to build file paths (#5617)
* use filepath.Join() to build file paths

* use filepath.Join() to build file paths
2024-03-31 21:26:35 +08:00
Ming Deng
97066459ed
fix 5620: ensure cookie always use the config (#5621) 2024-03-31 21:25:28 +08:00
James Kang
a287c2ba81
server: fix typo (#5618)
Signed-off-by: majorteach <csgcgl@126.com>
2024-03-31 21:25:11 +08:00
racerole
29de4e3a3d chore: remove repetitive words
Signed-off-by: racerole <jiangyifeng@outlook.com>
2024-03-12 23:40:09 +08:00
dependabot[bot]
93f693a356
build(deps): bump github.com/prometheus/client_golang (#5605)
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.16.0 to 1.19.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/v1.19.0/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.16.0...v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-07 15:08:53 +08:00