Address some CodeQL security concerns (#35572)

Although there is no real security problem
2025-11-03 20:36:07 +01:00 · 2025-10-04 01:21:26 +08:00
parent c4532101a4
commit 71360a94cb
35 changed files with 118 additions and 78 deletions
--- a/modules/git/hook.go
+++ b/modules/git/hook.go
@@ -45,7 +45,7 @@ func GetHook(repoPath, name string) (*Hook, error) {
 	}
 	h := &Hook{
 		name: name,
-		path: filepath.Join(repoPath, "hooks", name+".d", name),
+		path: filepath.Join(repoPath, filepath.Join("hooks", name+".d", name)),
 	}
 	isFile, err := util.IsFile(h.path)
 	if err != nil {