diff options
| author | Unknwon <u@gogs.io> | 2015-12-14 17:06:54 -0500 |
|---|---|---|
| committer | Unknwon <u@gogs.io> | 2015-12-14 17:06:54 -0500 |
| commit | 3362b3a44f9f4e0e482b08151e298f7809eefc59 (patch) | |
| tree | 1cc06a33b090f888e1f3e386b572dda0d609cb7e /models | |
| parent | 50264200f04d227ce5e36792cb7b951789693570 (diff) | |
| download | gitea-3362b3a44f9f4e0e482b08151e298f7809eefc59.tar.gz gitea-3362b3a44f9f4e0e482b08151e298f7809eefc59.zip | |
fix possible disclosure
Diffstat (limited to 'models')
| -rw-r--r-- | models/migrations/migrations.go | 43 | ||||
| -rw-r--r-- | models/org.go | 2 |
2 files changed, 39 insertions, 6 deletions
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index ca215d9fc0..78729bdedb 100644 --- a/models/migrations/migrations.go +++ b/models/migrations/migrations.go @@ -18,6 +18,7 @@ import ( "github.com/go-xorm/xorm" "gopkg.in/ini.v1" + "github.com/gogits/gogs/modules/base" "github.com/gogits/gogs/modules/log" "github.com/gogits/gogs/modules/setting" gouuid "github.com/gogits/gogs/modules/uuid" @@ -57,12 +58,13 @@ type Version struct { // If you want to "retire" a migration, remove it from the top of the list and // update _MIN_VER_DB accordingly var migrations = []Migration{ - NewMigration("fix locale file load panic", fixLocaleFileLoadPanic), // V4 -> V5:v0.6.0 - NewMigration("trim action compare URL prefix", trimCommitActionAppUrlPrefix), // V5 -> V6:v0.6.3 - NewMigration("generate issue-label from issue", issueToIssueLabel), // V6 -> V7:v0.6.4 - NewMigration("refactor attachment table", attachmentRefactor), // V7 -> V8:v0.6.4 - NewMigration("rename pull request fields", renamePullRequestFields), // V8 -> V9:v0.6.16 - NewMigration("clean up migrate repo info", cleanUpMigrateRepoInfo), // V9 -> V10:v0.6.20 + NewMigration("fix locale file load panic", fixLocaleFileLoadPanic), // V4 -> V5:v0.6.0 + NewMigration("trim action compare URL prefix", trimCommitActionAppUrlPrefix), // V5 -> V6:v0.6.3 + NewMigration("generate issue-label from issue", issueToIssueLabel), // V6 -> V7:v0.6.4 + NewMigration("refactor attachment table", attachmentRefactor), // V7 -> V8:v0.6.4 + NewMigration("rename pull request fields", renamePullRequestFields), // V8 -> V9:v0.6.16 + NewMigration("clean up migrate repo info", cleanUpMigrateRepoInfo), // V9 -> V10:v0.6.20 + NewMigration("generate rands and salt for organizations", generateOrgRandsAndSalt), // V10 -> V11:v0.8.5 } // Migrate database to current version @@ -422,3 +424,32 @@ func cleanUpMigrateRepoInfo(x *xorm.Engine) (err error) { return nil } + +func generateOrgRandsAndSalt(x *xorm.Engine) (err error) { + type User struct { + ID int64 `xorm:"pk autoincr"` + Rands string `xorm:"VARCHAR(10)"` + Salt string `xorm:"VARCHAR(10)"` + } + + orgs := make([]*User, 0, 10) + if err = x.Where("type=1").And("rands=''").Find(&orgs); err != nil { + return fmt.Errorf("select all organizations: %v", err) + } + + sess := x.NewSession() + defer sessionRelease(sess) + if err = sess.Begin(); err != nil { + return err + } + + for _, org := range orgs { + org.Rands = base.GetRandomString(10) + org.Salt = base.GetRandomString(10) + if _, err = sess.Id(org.ID).Update(org); err != nil { + return err + } + } + + return sess.Commit() +} diff --git a/models/org.go b/models/org.go index 608fd348d8..6cc951bef0 100644 --- a/models/org.go +++ b/models/org.go @@ -108,6 +108,8 @@ func CreateOrganization(org, owner *User) (err error) { org.LowerName = strings.ToLower(org.Name) org.FullName = org.Name + org.Rands = GetUserSalt() + org.Salt = GetUserSalt() org.UseCustomAvatar = true org.MaxRepoCreation = -1 org.NumTeams = 1 |