summaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2019-04-12 21:52:57 +0100
committerGitHub <noreply@github.com>2019-04-12 21:52:57 +0100
commitb3e757a06c2cfc554c7db0e2da170b123404f058 (patch)
treeb5ff24cc87a1a51308132a11b192d459d1c6f957 /routers
parent01e0408fa1bf01094c40887ed8d58992459e3ba4 (diff)
downloadgitea-b3e757a06c2cfc554c7db0e2da170b123404f058.tar.gz
gitea-b3e757a06c2cfc554c7db0e2da170b123404f058.zip
Correctly adjust mirror url (#6593)
Diffstat (limited to 'routers')
-rw-r--r--routers/repo/setting.go47
1 files changed, 46 insertions, 1 deletions
diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index 0101b2362b..f58601633a 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -7,9 +7,13 @@ package repo
import (
"errors"
+ "net/url"
+ "regexp"
"strings"
"time"
+ "mvdan.cc/xurls/v2"
+
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/base"
@@ -32,6 +36,8 @@ const (
tplProtectedBranch base.TplName = "repo/settings/protected_branch"
)
+var validFormAddress *regexp.Regexp
+
// Settings show a repository's settings page
func Settings(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("repo.settings")
@@ -145,7 +151,38 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
return
}
}
- if err := ctx.Repo.Mirror.SaveAddress(form.MirrorAddress); err != nil {
+
+ // Validate the form.MirrorAddress
+ u, err := url.Parse(form.MirrorAddress)
+ if err != nil {
+ ctx.Data["Err_MirrorAddress"] = true
+ ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form)
+ return
+ }
+
+ if u.Opaque != "" || !(u.Scheme == "http" || u.Scheme == "https" || u.Scheme == "git") {
+ ctx.Data["Err_MirrorAddress"] = true
+ ctx.RenderWithErr(ctx.Tr("repo.mirror_address_protocol_invalid"), tplSettingsOptions, &form)
+ return
+ }
+
+ // Now use xurls
+ address := validFormAddress.FindString(form.MirrorAddress)
+ if address != form.MirrorAddress && form.MirrorAddress != "" {
+ ctx.Data["Err_MirrorAddress"] = true
+ ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form)
+ return
+ }
+
+ if u.EscapedPath() == "" || u.Host == "" || !u.IsAbs() {
+ ctx.Data["Err_MirrorAddress"] = true
+ ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form)
+ return
+ }
+
+ address = u.String()
+
+ if err := ctx.Repo.Mirror.SaveAddress(address); err != nil {
ctx.ServerError("SaveAddress", err)
return
}
@@ -682,3 +719,11 @@ func DeleteDeployKey(ctx *context.Context) {
"redirect": ctx.Repo.RepoLink + "/settings/keys",
})
}
+
+func init() {
+ var err error
+ validFormAddress, err = xurls.StrictMatchingScheme(`(https?)|(git)://`)
+ if err != nil {
+ panic(err)
+ }
+}