aboutsummaryrefslogtreecommitdiff
path: root/t
diff options
context:
space:
mode:
authorSimon McVittie <smcv@debian.org>2016-12-19 13:48:56 +0000
committerSimon McVittie <smcv@debian.org>2016-12-19 18:21:07 +0000
commit9cada49ed6ad24556dbe9861ad5b0a9f526167f9 (patch)
treed648d0640f79a03d954c9b43a8831a38e4bb5776 /t
parent7244b712c1e9ce7c34748f9415cec79ce554c554 (diff)
downloadikiwiki-9cada49ed6ad24556dbe9861ad5b0a9f526167f9.tar
ikiwiki-9cada49ed6ad24556dbe9861ad5b0a9f526167f9.tar.gz
Tell `git revert` not to follow renames
Otherwise, we have an authorization bypass vulnerability: rcs_preprevert looks at what changed in the commit we are reverting, not at what would result from reverting it now. In particular, if some files were renamed since the commit we are reverting, a revert of changes that were within the designated subdirectory and allowed by check_canchange() might now affect files that are outside the designated subdirectory or disallowed by check_canchange(). Signed-off-by: Simon McVittie <smcv@debian.org>
Diffstat (limited to 't')
0 files changed, 0 insertions, 0 deletions