go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License
44.37k stars 5.43k forks

Passwords containing special character "/" do not work #32158

Open ahorseman opened 1 day ago

ahorseman commented 1 day ago

Description

When using a password with a slash (potentially other special characters?) to authenticate to an existing git repository in order to clone it to Gitea, the password string gets cut at the slash and cloning / migration does not work.

Security risk: Gitea is showing the password string as plaintext in the error message (which made it pretty obvious to me, though, that the slash is the issue).

Gitea Version

1.21.10

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

It's running via Turnkey-Linux on a Proxmox server.

Database

None

wxiaoguang commented 1 day ago

How to reproduce? Do you mean doing something on Gitea's web UI, or do you mean something like git clone http://user:my/password@my-gitea.com/user/repo on your machine?

> showing the password string as plaintext in the error message

Which error message and which page/UI? Could you use a fake password to capture a screenshot?

eeyrjmr commented 1 day ago

Is it really gitea end or git end? A backslash (\) will obviously cause issues in a cli git environment as this is an escape character

So depending on what was shown it was either git/bash responding locally for an ambiguous command or gitea echoing back (and yes that would be an interesting concern)

lafriks commented 7 hours ago

It is because it's not a valid URL format, / must be replaced with %2F
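
The behaviour discussed in this thread, as an added Go example that is not part of any comment above and is not Gitea's code: the authority part of a URL ends at the first "/", so an unescaped slash in the password breaks parsing, while the %2F form round-trips. `BuildCloneURL`, `HostAndPassword` and `Redact` are hypothetical helper names, and the credentials are constructed sample values modelled on the URL quoted earlier; `Redact` shows masking the password before a URL reaches a log or error message.

```go
package main

import (
	"fmt"
	"net/url"
)

// BuildCloneURL puts the credentials into the userinfo part of base.
// url.UserPassword plus URL.String percent-encode "/", "@", ":" and "?".
func BuildCloneURL(base, user, pass string) (string, error) {
	u, err := url.Parse(base)
	if err != nil {
		return "", err
	}
	u.User = url.UserPassword(user, pass)
	return u.String(), nil
}

// HostAndPassword reports what a parser sees in raw. ok is false when
// parsing fails; the error is dropped on purpose, because *url.Error
// embeds the raw input (password included) in its message.
func HostAndPassword(raw string) (host, pass string, ok bool) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", "", false
	}
	pass, _ = u.User.Password()
	return u.Hostname(), pass, true
}

// Redact returns a form of raw that is safe to log or show in an error.
func Redact(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return "<unparseable clone URL>" // never echo the raw input
	}
	return u.Redacted() // password replaced by "xxxxx"
}

func main() {
	// Constructed sample values, modelled on the URL quoted in the thread.
	raw := "http://user:my/password@my-gitea.com/user/repo"
	fmt.Println(HostAndPassword(raw)) // authority ends at the first "/"
	fixed, _ := BuildCloneURL("http://my-gitea.com/user/repo", "user", "my/password")
	fmt.Println(fixed)
	fmt.Println(HostAndPassword(fixed))
	fmt.Println(Redact(fixed), Redact(raw))
}
```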