mirror of
https://gitee.com/gitea/gitea.git
synced 2024-12-16 02:21:02 +08:00
a31a6e3996
$header_signature could be a typed float (start with 0e and then only numbers) and a float does equal a string when comparing with typed juggle. eg: 0e123 != "abc" does return false, but 0e123 !== "abc" returns true. you previously could circumvent the signature check when providing a header signature in the float format (0e...) Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
---|---|---|
.. | ||
authentication.en-us.md | ||
authentication.zh-cn.md | ||
authentication.zh-tw.md | ||
comparison.en-us.md | ||
comparison.zh-cn.md | ||
localization.en-us.md | ||
localization.zh-cn.md | ||
localization.zh-tw.md | ||
webhooks.en-us.md | ||
webhooks.zh-cn.md | ||
webhooks.zh-tw.md |