forgejo/docs/content/doc/features
Cacciuc a31a6e3996
proper signature validation (#13523)
$header_signature could be a typed float (start with 0e and then only numbers) and a float does equal a string when comparing with typed juggle.
eg: 0e123 != "abc" does return false, but 0e123 !== "abc" returns true.

you previously could circumvent the signature check when providing a header signature in the float format (0e...)

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-11-13 13:28:15 -05:00
..
authentication.en-us.md Rename custom/conf/app.ini.sample to custom/conf/app.example.ini for better syntax light on editor (#11926) 2020-06-17 23:16:59 -04:00
authentication.zh-cn.md
authentication.zh-tw.md
comparison.en-us.md docs(comparison): GitHub Actions (#13474) 2020-11-08 17:35:28 -05:00
comparison.zh-cn.md [Docs] Update Feature 'Reject unsigned commits' (#9793) 2020-01-16 01:43:02 -05:00
localization.en-us.md Add localization docs (#11411) 2020-05-14 17:33:52 -04:00
localization.zh-cn.md
localization.zh-tw.md
webhooks.en-us.md proper signature validation (#13523) 2020-11-13 13:28:15 -05:00
webhooks.zh-cn.md
webhooks.zh-tw.md