aboutsummaryrefslogtreecommitdiffstats
path: root/modules/forms
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-03-15 21:52:11 +0000
committerGitHub <noreply@github.com>2021-03-15 17:52:11 -0400
commit6e423d5573c20b78d6e21cb044e8f4d5de5b288a (patch)
tree61d2e282bc652b8254271fdd9e19b87a386b5dc7 /modules/forms
parentf268b4896b1030761b28f1f8923d77d87adb8f0b (diff)
downloadgitea-6e423d5573c20b78d6e21cb044e8f4d5de5b288a.tar.gz
gitea-6e423d5573c20b78d6e21cb044e8f4d5de5b288a.zip
Ensure validation occurs on clone addresses too (#14994)
* Ensure validation occurs on clone addresses too Fix #14984 Signed-off-by: Andrew Thornton <art27@cantab.net> * fix lint Signed-off-by: Andrew Thornton <art27@cantab.net> * fix test Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix api tests Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'modules/forms')
-rw-r--r--modules/forms/repo_form.go22
1 files changed, 2 insertions, 20 deletions
diff --git a/modules/forms/repo_form.go b/modules/forms/repo_form.go
index ab88aef571..6cf72ee6b8 100644
--- a/modules/forms/repo_form.go
+++ b/modules/forms/repo_form.go
@@ -12,10 +12,8 @@ import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/context"
- "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/structs"
- "code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/routers/utils"
@@ -92,9 +90,7 @@ func (f *MigrateRepoForm) Validate(req *http.Request, errs binding.Errors) bindi
// ParseRemoteAddr checks if given remote address is valid,
// and returns composed URL with needed username and password.
-// It also checks if given user has permission when remote address
-// is actually a local path.
-func ParseRemoteAddr(remoteAddr, authUsername, authPassword string, user *models.User) (string, error) {
+func ParseRemoteAddr(remoteAddr, authUsername, authPassword string) (string, error) {
remoteAddr = strings.TrimSpace(remoteAddr)
// Remote address can be HTTP/HTTPS/Git URL or local path.
if strings.HasPrefix(remoteAddr, "http://") ||
@@ -102,26 +98,12 @@ func ParseRemoteAddr(remoteAddr, authUsername, authPassword string, user *models
strings.HasPrefix(remoteAddr, "git://") {
u, err := url.Parse(remoteAddr)
if err != nil {
- return "", models.ErrInvalidCloneAddr{IsURLError: true}
+ return "", &models.ErrInvalidCloneAddr{IsURLError: true}
}
if len(authUsername)+len(authPassword) > 0 {
u.User = url.UserPassword(authUsername, authPassword)
}
remoteAddr = u.String()
- if u.Scheme == "git" && u.Port() != "" && (strings.Contains(remoteAddr, "%0d") || strings.Contains(remoteAddr, "%0a")) {
- return "", models.ErrInvalidCloneAddr{IsURLError: true}
- }
- } else if !user.CanImportLocal() {
- return "", models.ErrInvalidCloneAddr{IsPermissionDenied: true}
- } else {
- isDir, err := util.IsDir(remoteAddr)
- if err != nil {
- log.Error("Unable to check if %s is a directory: %v", remoteAddr, err)
- return "", err
- }
- if !isDir {
- return "", models.ErrInvalidCloneAddr{IsInvalidPath: true}
- }
}
return remoteAddr, nil