Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

git command is broken in PR merge 500 error #23027

Closed
tyroneyeh opened this issue Feb 21, 2023 · 2 comments · Fixed by #23028
Closed

git command is broken in PR merge 500 error #23027

tyroneyeh opened this issue Feb 21, 2023 · 2 comments · Fixed by #23028
Labels
type/bug
Milestone
1.18.5

Comments

@tyroneyeh
Copy link
Contributor

Description

  1. Create PR
  2. Click Create merge commit button and in title add -, Example: - Test PR
  3. Click Create merge commit button
  4. Display 500 error

error log:
2023/02/21 10:04:47 ...rvices/pull/merge.go:544:rawMerge() [E] git commit [xx/xx:master_xx -> xx/xx:master]: git command is broken

Gitea Version

1.18.4

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

command-line

Database

PostgreSQL
@wxiaoguang
Copy link
Contributor

wxiaoguang commented Feb 21, 2023
edited
Loading

That's caused by

#21535 is used to enhance the security of Gitea. In history, there were many RCE security reports, caused by user-provided -xxx inputs.

The side effect of #21535 is it's very strict, so if there are some leading dashes, it always rejects them.

To fix the problem fundemetally without affecting security:

  • all {"commit", "-m", msg} should be rewritten to {"commit", "-m"+msg} or {"commit", "--message="+msg}

Workaround: remove the leading - from commit message.

@lunny lunny added this to the 1.18.5 milestone Feb 21, 2023
@wxiaoguang wxiaoguang mentioned this issue Feb 21, 2023
Merged
@wxiaoguang
Copy link
Contributor

The fix: Use --message=%s for git commit message #23028

lunny added a commit that referenced this issue Feb 21, 2023
@wxiaoguang @lunny
Use --message=%s for git commit message (#23028)
dc9cebd 
Close  #23027

`git commit` message option _only_ supports 4 formats (well, only ....):
* `"commit", "-m", msg`
* `"commit", "-m{msg}"`  (no space)
* `"commit", "--message", msg`
* `"commit", "--message={msg}"`

The long format with `=` is the best choice, and it's documented in `man
git-commit`:

`-m <msg>, --message=<msg> ...`

ps: I would suggest always use long format option for git command, as
much as possible.

Co-authored-by: Lunny Xiao <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
1.18.5
Development

Successfully merging a pull request may close this issue.

Use --message=%s for git commit message wxiaoguang/gitea
3 participants
@lunny @tyroneyeh @wxiaoguang