Standardise cleanUploadFilename to more closely match git

See verify_path in: https://github.com/git/git/blob/7f4e64169352e03476b0ea64e7e2973669e491a2/read-cache.c#L951

Signed-off-by: Andrew Thornton <[email protected]>

Author: zeripath

routers/repo/editor.go

@@ -576,12 +576,13 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
 }
 
 func cleanUploadFileName(name string) string {
-	name = strings.TrimLeft(name, "./\\")
-	name = strings.Replace(name, "../", "", -1)
-	name = strings.Replace(name, "..\\", "", -1)
-	name = strings.TrimPrefix(path.Clean(name), ".git/")
-	if name == ".git" {
-		return ""
+	// Rebase the filename
+	name = strings.Trim(path.Clean("/"+name), " /")
+	// Git disallows any filenames to have a .git directory in them.
+	for _, part := range strings.Split(name, "/") {
+		if strings.ToLower(part) == ".git" {
+			return ""
+		}
 	}
 	return name
 }

routers/repo/editor_test.go

@@ -15,14 +15,15 @@ func TestCleanUploadName(t *testing.T) {
 	models.PrepareTestEnv(t)
 
 	var kases = map[string]string{
-		".git/refs/master": "git/refs/master",
+		".git/refs/master": "",
 		"/root/abc":        "root/abc",
 		"./../../abc":      "abc",
-		"a/../.git":        "a/.git",
-		"a/../../../abc":   "a/abc",
+		"a/../.git":        "",
+		"a/../../../abc":   "abc",
 		"../../../acd":     "acd",
-		"../../.git/abc":   "git/abc",
-		"..\\..\\.git/abc": "git/abc",
+		"../../.git/abc":   "",
+		"..\\..\\.git/abc": "..\\..\\.git/abc",
+		"abc/../def":       "def",
 	}
 	for k, v := range kases {
 		assert.EqualValues(t, v, cleanUploadFileName(k))