aboutsummaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorGusted <williamzijl7@hotmail.com>2022-01-31 00:48:47 +0100
committerGitHub <noreply@github.com>2022-01-31 01:48:47 +0200
commit72256c16a8e425879475252a05262b47b2cc44d4 (patch)
tree29fc6359e6b51c9e57de49586f84a3b3895c67db /modules
parentb2250d2fb39a1b8a8c78a2739e6e4a94dcc49a19 (diff)
downloadgitea-72256c16a8e425879475252a05262b47b2cc44d4.tar.gz
gitea-72256c16a8e425879475252a05262b47b2cc44d4.zip
Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs (#18472)
* Don't panic & allow shorter sha1 - Don't panic when the full regex isn't matched and allow the usage of a shorter sha1 being used. - Resolves #18471 * Update modules/markup/html.go Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'modules')
-rw-r--r--modules/markup/html.go9
-rw-r--r--modules/markup/html_test.go13
2 files changed, 21 insertions, 1 deletions
diff --git a/modules/markup/html.go b/modules/markup/html.go
index e28e26c6d1..df2a159230 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -55,7 +55,7 @@ var (
anySHA1Pattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(/[-+~_%.a-zA-Z0-9/]+)?(#[-+~_%.a-zA-Z0-9]+)?`)
// comparePattern matches "http://domain/org/repo/compare/COMMIT1...COMMIT2#hash"
- comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(\.\.\.?)([0-9a-f]{40})?(#[-+~_%.a-zA-Z0-9]+)?`)
+ comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{7,40})(\.\.\.?)([0-9a-f]{7,40})?(#[-+~_%.a-zA-Z0-9]+)?`)
validLinksPattern = regexp.MustCompile(`^[a-z][\w-]+://`)
@@ -946,6 +946,13 @@ func comparePatternProcessor(ctx *RenderContext, node *html.Node) {
return
}
+ // Ensure that every group (m[0]...m[7]) has a match
+ for i := 0; i < 8; i++ {
+ if m[i] == -1 {
+ return
+ }
+ }
+
urlFull := node.Data[m[0]:m[1]]
text1 := base.ShortSha(node.Data[m[2]:m[3]])
textDots := base.ShortSha(node.Data[m[4]:m[5]])
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index ee9b17df2f..29bf6c8fcb 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -548,3 +548,16 @@ func TestFuzz(t *testing.T) {
assert.NoError(t, err)
}
+
+func TestIssue18471(t *testing.T) {
+ data := `http://domain/org/repo/compare/783b039...da951ce`
+
+ var res strings.Builder
+ err := PostProcess(&RenderContext{
+ URLPrefix: "https://example.com",
+ Metas: localMetas,
+ }, strings.NewReader(data), &res)
+
+ assert.NoError(t, err)
+ assert.Equal(t, res.String(), "<a href=\"http://domain/org/repo/compare/783b039...da951ce\" class=\"compare\"><code class=\"nohighlight\">783b039...da951ce</code></a>")
+}