author | Gusted <williamzijl7@hotmail.com> | 2022-01-31 00:49:17 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-31 01:49:17 +0200 |
commit | d5027b6c0977cab63d77c9ec97ea0df4426000c1 (patch) | |
tree | 4224182d402efe9267a737f21af8cdbb8344d40d /modules | |
parent | a044ec8b53de41d01c05e9aedf9814bf0e45b602 (diff) | |
Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs (#18472) (#18473)
* Don't panic & allow shorter sha1 (#18472)
- Backport of #18472
* Improve comment
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/markup/html.go | 9 | ||||
-rw-r--r-- | modules/markup/html_test.go | 13 |
2 files changed, 21 insertions, 1 deletions
diff --git a/modules/markup/html.go b/modules/markup/html.go index 827be1a9af..345c99e3b4 100644 --- a/modules/markup/html.go +++ b/modules/markup/html.go @@ -55,7 +55,7 @@ var ( anySHA1Pattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(/[-+~_%.a-zA-Z0-9/]+)?(#[-+~_%.a-zA-Z0-9]+)?`) // comparePattern matches "http://domain/org/repo/compare/COMMIT1...COMMIT2#hash" - comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(\.\.\.?)([0-9a-f]{40})?(#[-+~_%.a-zA-Z0-9]+)?`) + comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{7,40})(\.\.\.?)([0-9a-f]{7,40})?(#[-+~_%.a-zA-Z0-9]+)?`) validLinksPattern = regexp.MustCompile(`^[a-z][\w-]+://`) @@ -944,6 +944,13 @@ func comparePatternProcessor(ctx *RenderContext, node *html.Node) { return } + // Ensure that every group (m[0]...m[7]) has a match + for i := 0; i < 8; i++ { + if m[i] == -1 { + return + } + } + urlFull := node.Data[m[0]:m[1]] text1 := base.ShortSha(node.Data[m[2]:m[3]]) textDots := base.ShortSha(node.Data[m[4]:m[5]]) diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go index 3fd9ef9f83..23d7b44570 100644 --- a/modules/markup/html_test.go +++ b/modules/markup/html_test.go @@ -546,3 +546,16 @@ func TestFuzz(t *testing.T) { assert.NoError(t, err) } + +func TestIssue18471(t *testing.T) { + data := `http://domain/org/repo/compare/783b039...da951ce` + + var res strings.Builder + err := PostProcess(&RenderContext{ + URLPrefix: "https://example.com", + Metas: localMetas, + }, strings.NewReader(data), &res) + + assert.NoError(t, err) + assert.Equal(t, res.String(), "<a href=\"http://domain/org/repo/compare/783b039...da951ce\" class=\"compare\"><code class=\"nohighlight\">783b039...da951ce</code></a>") +} |
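Review bot: The third capture group of the new `comparePattern` is still optional (`([0-9a-f]{7,40})?`), so the pattern keeps matching compare URLs that have no second revision even though `comparePatternProcessor` now discards every such match. Dropping the trailing `?` on that group, giving `([0-9a-f]{7,40})(\.\.\.?)([0-9a-f]{7,40})(#[-+~_%.a-zA-Z0-9]+)?`, would make the regexp pass over an incomplete URL and report the next complete one, leaving the index check in the processor as a backstop. This assumes no other caller relies on the partial match, which cannot be confirmed from this hunk. The comment above the pattern could also record the new length rule, e.g. `// COMMIT1 and COMMIT2 are 7 to 40 hex digits`.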
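Review bot: The new guard leaves `comparePatternProcessor` with `return` on the first partial match, and the start and end of that function are outside this hunk; if the surrounding code walks several matches in one text node, a single incomplete compare URL in user-supplied markup would leave every later, valid compare URL unlinked. Groups 1 and 2 of `comparePattern` are mandatory, so after a successful match only `m[6]`/`m[7]` can be -1, and the literal `8` deserves a comment tying it to the pattern, for example `// m[0:8] = whole match plus groups 1-3; group 3 is optional in comparePattern and a -1 index used as a slice bound on node.Data panics`. If later matches are meant to be rendered, the guard has to move past `m[1]` instead of returning, which depends on loop code not visible here.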
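Review bot: `TestIssue18471` exercises only the short-SHA success path; nothing here feeds `PostProcess` a compare URL that matches `comparePattern` without a second revision, which is the input the new index check in `html.go` exists for. A second case with such a URL should assert `assert.NoError` and the expected rendering, so the guard cannot regress unnoticed. The `assert.Equal` call also passes the actual value first; testify's order is `assert.Equal(t, expected, res.String())`, otherwise a failure message labels the two values the wrong way round.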