routers/web/web.go

@@ -51,12 +51,12 @@ import (
 
 	_ "code.gitea.io/gitea/modules/session" // to registers all internal adapters
 
-	"code.forgejo.org/go-chi/binding"
 	"code.forgejo.org/go-chi/captcha"
 	chi_middleware "github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/cors"
 	"github.com/klauspost/compress/gzhttp"
 	"github.com/prometheus/client_golang/prometheus"
+        "code.forgejo.org/go-chi/binding"
 )
 
 var GzipMinSize = gzhttp.DefaultMinSize
@@ -1674,18 +1674,19 @@ func registerRoutes(m *web.Route) {
 }
 
 func BindUpload(f forms.UploadRepoFileForm) http.HandlerFunc {
-	return func(resp http.ResponseWriter, req *http.Request) {
-		theObj := new(forms.UploadRepoFileForm) // create a new form obj for every request but not use obj directly
-		data := middleware.GetContextData(req.Context())
-		binding.Bind(req, theObj)
-		files := theObj.Files
-		var fullpaths []string
-		for _, fileID := range files {
-			fullPath := req.Form.Get("files_fullpath[" + fileID + "]")
-			fullpaths = append(fullpaths, fullPath)
-		}
-		theObj.FullPaths = fullpaths
-		data.GetData()["__form"] = theObj
-		middleware.AssignForm(theObj, data)
-	}
+        return func(resp http.ResponseWriter, req *http.Request) {
+
+                theObj := new(forms.UploadRepoFileForm) // create a new form obj for every request but not use obj directly
+                data := middleware.GetContextData(req.Context())
+                binding.Bind(req, theObj)
+                files := theObj.Files
+                var fullpaths []string
+                for _, fileID := range files {
+                    fullPath := req.Form.Get("files_fullpath[" + fileID + "]")
+                    fullpaths = append(fullpaths, fullPath)
+                }
+                theObj.FullPaths = fullpaths
+                data.GetData()["__form"] = theObj
+                middleware.AssignForm(theObj, data)
+        }
 }

services/repository/files/upload.go

@@ -6,11 +6,11 @@ package files
 import (
 	"context"
 	"fmt"
-	"html"
 	"os"
 	"path"
-	"regexp"
 	"strings"
+        "regexp"
+	"html"
 
 	git_model "code.gitea.io/gitea/models/git"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -168,12 +168,12 @@ var fileNameSanitizeRegexp = regexp.MustCompile(`(?i)\.\.|[<>:\"\\|?*\x{0000}-\x
 
 // Sanitize user input to valid OS filenames
 //
-//	       Based on https://github.com/sindresorhus/filename-reserved-regex
-//	Adds ".." to prevent directory traversal
+//              Based on https://github.com/sindresorhus/filename-reserved-regex
+//       Adds ".." to prevent directory traversal
 func fileNameSanitize(s string) string {
 	// Added this because I am not sure what Windows will deliver us \ or / but we need /.
 	s = strings.ReplaceAll(s, "\\", "/")
-	return strings.TrimSpace(fileNameSanitizeRegexp.ReplaceAllString(s, "_"))
+        return strings.TrimSpace(fileNameSanitizeRegexp.ReplaceAllString(s, "_"))
 }
 
 func copyUploadedLFSFilesIntoRepository(infos []uploadInfo, t *TemporaryUploadRepository, treePath string) error {