author | Peter Smit <peter@smitmail.eu> | 2015-02-05 11:08:10 +0200 |
---|---|---|
committer | Peter Smit <peter@smitmail.eu> | 2015-02-05 11:08:10 +0200 |
commit | 03af37554e34582e8c5a9d98ec9f2d3c9884f0d8 (patch) | |
tree | e13334fb2bd83e02fdd05ec6895681d27876cd0f /models/repo.go | |
parent | fd1df86c44bfbd13b4df0a66840113b0d18695bc (diff) | |
parent | 02c5bade0fabc24b9b7c05a74c65965e2e53f687 (diff) | |
Merge branch 'dev' into newcollaboration
Diffstat (limited to 'models/repo.go')
-rw-r--r-- | models/repo.go | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/models/repo.go b/models/repo.go
index 663e227ae4..a06f1d3e4e 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -7,7 +7,6 @@ package models
 import (
 "errors"
 "fmt"
- "html"
 "html/template"
 "io/ioutil"
 "os"
@@ -218,11 +217,9 @@ func (repo *Repository) HasAccess(uname string) bool {
 // DescriptionHtml does special handles to description and return HTML string.
 func (repo *Repository) DescriptionHtml() template.HTML {
 sanitize := func(s string) string {
- // TODO(nuss-justin): Improve sanitization. Strip all tags?
- ss := html.EscapeString(s)
- return fmt.Sprintf(`<a href="%s" target="_blank">%s</a>`, ss, ss)
+ return fmt.Sprintf(`<a href="%[1]s" target="_blank">%[1]s</a>`, s)
 }
- return template.HTML(DescPattern.ReplaceAllStringFunc(base.XSSString(repo.Description), sanitize))
+ return template.HTML(DescPattern.ReplaceAllStringFunc(base.Sanitizer.Sanitize(repo.Description), sanitize))
 }
 
 // IsRepositoryExist returns true if the repository with given name under user has already existed.
@@ -507,6 +504,11 @@ func initRepository(f string, u *User, repo *Repository, initReadme bool, repoLa
 }
 
 if len(fileName) == 0 {
+ // Re-fetch the repository from database before updating it (else it would
+ // override changes that were done earlier with sql)
+ if repo, err = GetRepositoryById(repo.Id); err != nil {
+ return err
+ }
 repo.IsBare = true
 repo.DefaultBranch = "master"
 return UpdateRepository(repo) |
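Review bot: The `sanitize` closure in DescriptionHtml now writes the matched text into `href="…"` with no escaping of its own, so the value cast to `template.HTML` is only as safe as `base.Sanitizer` and `DescPattern`, neither of which is visible in this hunk. If the sanitizer's policy lets anchors or attribute values through, DescPattern may also match a URL that already sits inside markup and wrap it a second time, and if the pattern can ever match a `"` the attribute closes early. I would state the invariant next to the closure, for example `// s is taken from already-sanitized HTML; DescPattern must never match quotes or angle brackets`, and pin it with a test on a description that mixes a bare URL with an existing link. Because the link opens with `target="_blank"`, adding `rel="noopener noreferrer"` to the format string also keeps the opened page from reaching `window.opener`.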
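Review bot: Reassigning the `repo` parameter to the freshly loaded row means `repo.IsBare = true` and `repo.DefaultBranch = "master"` are now set on a different struct, so the caller's `*Repository` no longer carries them once initRepository returns. If any caller reads those fields afterwards, load the row into a separate variable and set the two fields on both, or copy them back before returning. The re-fetch narrows but does not close the lost-update window, since a write landing between `GetRepositoryById` and `UpdateRepository` is still overwritten; an update limited to the two columns would avoid that. The body of initRepository starts and ends outside this hunk, so the declaration of `err` and the callers' use of `repo` cannot be checked from here.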