diff options
author | zeripath <art27@cantab.net> | 2019-04-12 21:52:57 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-04-12 21:52:57 +0100 |
commit | b3e757a06c2cfc554c7db0e2da170b123404f058 (patch) | |
tree | b5ff24cc87a1a51308132a11b192d459d1c6f957 /routers | |
parent | 01e0408fa1bf01094c40887ed8d58992459e3ba4 (diff) | |
download | gitea-b3e757a06c2cfc554c7db0e2da170b123404f058.tar.gz gitea-b3e757a06c2cfc554c7db0e2da170b123404f058.zip |
Correctly adjust mirror url (#6593)
Diffstat (limited to 'routers')
-rw-r--r-- | routers/repo/setting.go | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/routers/repo/setting.go b/routers/repo/setting.go index 0101b2362b..f58601633a 100644 --- a/routers/repo/setting.go +++ b/routers/repo/setting.go @@ -7,9 +7,13 @@ package repo import ( "errors" + "net/url" + "regexp" "strings" "time" + "mvdan.cc/xurls/v2" + "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/auth" "code.gitea.io/gitea/modules/base" @@ -32,6 +36,8 @@ const ( tplProtectedBranch base.TplName = "repo/settings/protected_branch" ) +var validFormAddress *regexp.Regexp + // Settings show a repository's settings page func Settings(ctx *context.Context) { ctx.Data["Title"] = ctx.Tr("repo.settings") @@ -145,7 +151,38 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) { return } } - if err := ctx.Repo.Mirror.SaveAddress(form.MirrorAddress); err != nil { + + // Validate the form.MirrorAddress + u, err := url.Parse(form.MirrorAddress) + if err != nil { + ctx.Data["Err_MirrorAddress"] = true + ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form) + return + } + + if u.Opaque != "" || !(u.Scheme == "http" || u.Scheme == "https" || u.Scheme == "git") { + ctx.Data["Err_MirrorAddress"] = true + ctx.RenderWithErr(ctx.Tr("repo.mirror_address_protocol_invalid"), tplSettingsOptions, &form) + return + } + + // Now use xurls + address := validFormAddress.FindString(form.MirrorAddress) + if address != form.MirrorAddress && form.MirrorAddress != "" { + ctx.Data["Err_MirrorAddress"] = true + ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form) + return + } + + if u.EscapedPath() == "" || u.Host == "" || !u.IsAbs() { + ctx.Data["Err_MirrorAddress"] = true + ctx.RenderWithErr(ctx.Tr("repo.mirror_address_url_invalid"), tplSettingsOptions, &form) + return + } + + address = u.String() + + if err := ctx.Repo.Mirror.SaveAddress(address); err != nil { ctx.ServerError("SaveAddress", err) return } @@ -682,3 +719,11 @@ func DeleteDeployKey(ctx *context.Context) { "redirect": ctx.Repo.RepoLink + "/settings/keys", }) } + +func init() { + var err error + validFormAddress, err = xurls.StrictMatchingScheme(`(https?)|(git)://`) + if err != nil { + panic(err) + } +} |