diff --git a/src/go.mod b/src/go.mod
index 79ba5e900..b4fe0ed32 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/Masterminds/semver v1.4.2
 github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190726115642-cd293c93fd97
 github.com/aws/aws-sdk-go v1.19.47
- github.com/beego/beego v1.12.8
+ github.com/beego/beego v1.12.11
 github.com/beego/i18n v0.0.0-20140604031826-e87155e8f0c0
 github.com/bmatcuk/doublestar v1.1.1
 github.com/casbin/casbin v1.7.0
diff --git a/src/go.sum b/src/go.sum
index 5c1566f20..f55adeb0f 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -65,8 +65,8 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5
 github.com/aws/aws-sdk-go v1.19.47 h1:ZEze0mpk8Fttrsz6UNLqhH/jRGYbMPfWFA2ILas4AmM=
 github.com/aws/aws-sdk-go v1.19.47/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
-github.com/beego/beego v1.12.8 h1:0lfe+5ed+hOuE/f5t6fvt9DOy0mXctzCTZH4BkSXGsY=
-github.com/beego/beego v1.12.8/go.mod h1:QURFL1HldOcCZAxnc1cZ7wrplsYR5dKPHFjmk6WkLAs=
+github.com/beego/beego v1.12.11 h1:MWKcnpavb7iAIS0m6uuEq6pHKkYvGNw/5umIUKqL7jM=
+github.com/beego/beego v1.12.11/go.mod h1:QURFL1HldOcCZAxnc1cZ7wrplsYR5dKPHFjmk6WkLAs=
 github.com/beego/goyaml2 v0.0.0-20130207012346-5545475820dd/go.mod h1:1b+Y/CofkYwXMUU0OhQqGvsY2Bvgr4j6jfT699wyZKQ=
 github.com/beego/i18n v0.0.0-20140604031826-e87155e8f0c0 h1:fQaDnUQvBXHHQdGBu9hz8nPznB4BeiPQokvmQVjmNEw=
 github.com/beego/i18n v0.0.0-20140604031826-e87155e8f0c0/go.mod h1:KLeFCpAMq2+50NkXC8iiJxLLiiTfTqrGtKEVm+2fk7s=
diff --git a/src/vendor/github.com/beego/beego/session/session.go b/src/vendor/github.com/beego/beego/session/session.go
index b770473cc..024c5eefe 100644
--- a/src/vendor/github.com/beego/beego/session/session.go
+++ b/src/vendor/github.com/beego/beego/session/session.go
@@ -328,6 +328,9 @@ func (manager *Manager) SessionRegenerateID(w http.ResponseWriter, r *http.Reque
 cookie.Value = url.QueryEscape(sid)
 cookie.HttpOnly = true
 cookie.Path = "/"
+ cookie.Secure = manager.isSecure(r)
+ cookie.Domain = manager.config.Domain
+ cookie.SameSite = manager.config.CookieSameSite
 }
 if manager.config.CookieLifeTime > 0 {
 cookie.MaxAge = manager.config.CookieLifeTime
diff --git a/src/vendor/github.com/beego/beego/tree.go b/src/vendor/github.com/beego/beego/tree.go
index 60a7f9e85..28b515fff 100644
--- a/src/vendor/github.com/beego/beego/tree.go
+++ b/src/vendor/github.com/beego/beego/tree.go
@@ -284,6 +284,8 @@ func (t *Tree) addseg(segments []string, route interface{}, wildcards []string,
 // Match router to runObject & params
 func (t *Tree) Match(pattern string, ctx *context.Context) (runObject interface{}) {
+ // fix issue 4961, deal with "./ ../ //"
+ pattern = path.Clean(pattern)
 if len(pattern) == 0 || pattern[0] != '/' {
 return nil
 }
@@ -341,7 +343,7 @@ func (t *Tree) match(treePattern string, pattern string, wildcardValues []string
 if runObject == nil && len(t.fixrouters) > 0 {
 // Filter the .json .xml .html extension
 for _, str := range allowSuffixExt {
- if strings.HasSuffix(seg, str) && strings.HasSuffix(treePattern, seg) {
+ if strings.HasSuffix(seg, str) && pattern == "" {
 for _, subTree := range t.fixrouters {
 // strings.HasSuffix(treePattern, seg) avoid cases: /aaa.html/bbb could access /aaa/bbb
 if subTree.prefix == seg[:len(seg)-len(str)] {
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
index 2fde50a35..c6291eb8b 100644
--- a/src/vendor/modules.txt
+++ b/src/vendor/modules.txt
@@ -65,7 +65,7 @@ github.com/aws/aws-sdk-go/private/protocol/rest
 github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil
 github.com/aws/aws-sdk-go/service/ecr
 github.com/aws/aws-sdk-go/service/sts
-# github.com/beego/beego v1.12.8
+# github.com/beego/beego v1.12.11
 ## explicit; go 1.13
 github.com/beego/beego
 github.com/beego/beego/cache