diff options
| author | silverwind <me@silverwind.io> | 2020-04-18 23:01:06 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-18 22:01:06 +0100 |
| commit | 5180deb8199b851384c60fac5b78aac3c9b50a67 (patch) | |
| tree | cf8b1abb471d9daf4798efb13bb637b83e72eccf /models | |
| parent | 6034f8bcaaa5348fee775d2307ff03162130a088 (diff) | |
| download | gitea-5180deb8199b851384c60fac5b78aac3c9b50a67.tar.gz gitea-5180deb8199b851384c60fac5b78aac3c9b50a67.zip | |
Send 404 immediately for known public requests (#11117)
Instead of further handling requests to public which causes issues like #11088, immediately terminate requests to directories js, css, fomantic if no file is found which is checked against a hardcoded list. Maybe there is a way to retrieve the top-level entries below public in a dynamic fashion.
I also added fomantic to the reserved usernames and sorted the list.
Fixes: #11088
Diffstat (limited to 'models')
| -rw-r--r-- | models/user.go | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/models/user.go b/models/user.go index 06f11c968c..50635273bd 100644 --- a/models/user.go +++ b/models/user.go @@ -844,16 +844,20 @@ func (u *User) IsGhost() bool { var ( reservedUsernames = []string{ - "attachments", + ".", + "..", + ".well-known", "admin", "api", "assets", + "attachments", "avatars", "commits", "css", "debug", "error", "explore", + "fomantic", "ghost", "help", "img", @@ -861,6 +865,7 @@ var ( "issues", "js", "less", + "login", "manifest.json", "metrics", "milestones", @@ -871,16 +876,12 @@ var ( "pulls", "raw", "repo", + "robots.txt", + "search", "stars", "template", "user", "vendor", - "login", - "robots.txt", - ".", - "..", - ".well-known", - "search", } reservedUserPatterns = []string{"*.keys", "*.gpg"} ) |