aboutsummaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2019-02-12 13:07:31 +0000
committerLauris BH <lauris@nix.lv>2019-02-12 15:07:31 +0200
commit296814e887f9bcf0b1d44552deaf40e89e08ab50 (patch)
tree03a2ade3a2ac60df1670c78ec02e7fa529143006 /routers
parentfc038caa69815c1be930e3d31a8bc71afbc9714f (diff)
downloadgitea-296814e887f9bcf0b1d44552deaf40e89e08ab50.tar.gz
gitea-296814e887f9bcf0b1d44552deaf40e89e08ab50.zip
Refactor editor upload, update and delete to use git plumbing and add LFS support (#5702)
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFile * Use git plumbing for upload: #5621 repo_editor.go: GetDiffPreview * Use git plumbing for upload: #5621 repo_editor.go: DeleteRepoFile * Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFiles * Move branch checkout functions out of repo_editor.go as they are no longer used there * BUGFIX: The default permissions should be 100644 This is a change from the previous code but is more in keeping with the default behaviour of git. Signed-off-by: Andrew Thornton <art27@cantab.net> * Standardise cleanUploadFilename to more closely match git See verify_path in: https://github.com/git/git/blob/7f4e64169352e03476b0ea64e7e2973669e491a2/read-cache.c#L951 Signed-off-by: Andrew Thornton <art27@cantab.net> * Redirect on bad paths Signed-off-by: Andrew Thornton <art27@cantab.net> * Refactor to move the uploading functions out to a module Signed-off-by: Andrew Thornton <art27@cantab.net> * Add LFS support Signed-off-by: Andrew Thornton <art27@cantab.net> * Update upload.go attribution header Upload.go is essentially the remnants of repo_editor.go. The remaining code is essentially unchanged from the Gogs code, hence the Gogs attribution. * Delete upload files after session committed * Ensure that GIT_AUTHOR_NAME etc. are valid for git see #5774 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add in test cases per @lafriks comment * Add space between gitea and github imports Signed-off-by: Andrew Thornton <art27@cantab.net> * more examples in TestCleanUploadName Signed-off-by: Andrew Thornton <art27@cantab.net> * fix formatting Signed-off-by: Andrew Thornton <art27@cantab.net> * Set the SSH_ORIGINAL_COMMAND to ensure hooks are run Signed-off-by: Andrew Thornton <art27@cantab.net> * Switch off SSH_ORIGINAL_COMMAND Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'routers')
-rw-r--r--routers/repo/editor.go59
-rw-r--r--routers/repo/editor_test.go26
2 files changed, 59 insertions, 26 deletions
diff --git a/routers/repo/editor.go b/routers/repo/editor.go
index 4e3557dbb2..01963d8dc6 100644
--- a/routers/repo/editor.go
+++ b/routers/repo/editor.go
@@ -19,6 +19,7 @@ import (
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/templates"
+ "code.gitea.io/gitea/modules/uploader"
)
const (
@@ -62,6 +63,16 @@ func editFile(ctx *context.Context, isNewFile bool) {
ctx.Data["RequireSimpleMDE"] = true
canCommit := renderCommitRights(ctx)
+ treePath := cleanUploadFileName(ctx.Repo.TreePath)
+ if treePath != ctx.Repo.TreePath {
+ if isNewFile {
+ ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_new", ctx.Repo.BranchName, treePath))
+ } else {
+ ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_edit", ctx.Repo.BranchName, treePath))
+ }
+ return
+ }
+
treeNames, treePaths := getParentTreeFields(ctx.Repo.TreePath)
if !isNewFile {
@@ -155,7 +166,7 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
oldBranchName := ctx.Repo.BranchName
branchName := oldBranchName
- oldTreePath := ctx.Repo.TreePath
+ oldTreePath := cleanUploadFileName(ctx.Repo.TreePath)
lastCommit := form.LastCommit
form.LastCommit = ctx.Repo.Commit.ID.String()
@@ -298,7 +309,7 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
message += "\n\n" + form.CommitMessage
}
- if err := ctx.Repo.Repository.UpdateRepoFile(ctx.User, models.UpdateRepoFileOptions{
+ if err := uploader.UpdateRepoFile(ctx.Repo.Repository, ctx.User, &uploader.UpdateRepoFileOptions{
LastCommitID: lastCommit,
OldBranch: oldBranchName,
NewBranch: branchName,
@@ -328,7 +339,11 @@ func NewFilePost(ctx *context.Context, form auth.EditRepoFileForm) {
// DiffPreviewPost render preview diff page
func DiffPreviewPost(ctx *context.Context, form auth.EditPreviewDiffForm) {
- treePath := ctx.Repo.TreePath
+ treePath := cleanUploadFileName(ctx.Repo.TreePath)
+ if len(treePath) == 0 {
+ ctx.Error(500, "file name to diff is invalid")
+ return
+ }
entry, err := ctx.Repo.Commit.GetTreeEntryByPath(treePath)
if err != nil {
@@ -339,7 +354,7 @@ func DiffPreviewPost(ctx *context.Context, form auth.EditPreviewDiffForm) {
return
}
- diff, err := ctx.Repo.Repository.GetDiffPreview(ctx.Repo.BranchName, treePath, form.Content)
+ diff, err := uploader.GetDiffPreview(ctx.Repo.Repository, ctx.Repo.BranchName, treePath, form.Content)
if err != nil {
ctx.Error(500, "GetDiffPreview: "+err.Error())
return
@@ -358,7 +373,14 @@ func DiffPreviewPost(ctx *context.Context, form auth.EditPreviewDiffForm) {
func DeleteFile(ctx *context.Context) {
ctx.Data["PageIsDelete"] = true
ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
- ctx.Data["TreePath"] = ctx.Repo.TreePath
+ treePath := cleanUploadFileName(ctx.Repo.TreePath)
+
+ if treePath != ctx.Repo.TreePath {
+ ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_delete", ctx.Repo.BranchName, treePath))
+ return
+ }
+
+ ctx.Data["TreePath"] = treePath
canCommit := renderCommitRights(ctx)
ctx.Data["commit_summary"] = ""
@@ -426,7 +448,7 @@ func DeleteFilePost(ctx *context.Context, form auth.DeleteRepoFileForm) {
message += "\n\n" + form.CommitMessage
}
- if err := ctx.Repo.Repository.DeleteRepoFile(ctx.User, models.DeleteRepoFileOptions{
+ if err := uploader.DeleteRepoFile(ctx.Repo.Repository, ctx.User, &uploader.DeleteRepoFileOptions{
LastCommitID: ctx.Repo.CommitID,
OldBranch: oldBranchName,
NewBranch: branchName,
@@ -453,6 +475,12 @@ func UploadFile(ctx *context.Context) {
ctx.Data["PageIsUpload"] = true
renderUploadSettings(ctx)
canCommit := renderCommitRights(ctx)
+ treePath := cleanUploadFileName(ctx.Repo.TreePath)
+ if treePath != ctx.Repo.TreePath {
+ ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_upload", ctx.Repo.BranchName, treePath))
+ return
+ }
+ ctx.Repo.TreePath = treePath
treeNames, treePaths := getParentTreeFields(ctx.Repo.TreePath)
if len(treeNames) == 0 {
@@ -489,10 +517,6 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
}
form.TreePath = cleanUploadFileName(form.TreePath)
- if len(form.TreePath) == 0 {
- ctx.Error(500, "Upload file name is invalid")
- return
- }
treeNames, treePaths := getParentTreeFields(form.TreePath)
if len(treeNames) == 0 {
@@ -559,7 +583,7 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
message += "\n\n" + form.CommitMessage
}
- if err := ctx.Repo.Repository.UploadRepoFiles(ctx.User, models.UploadRepoFileOptions{
+ if err := uploader.UploadRepoFiles(ctx.Repo.Repository, ctx.User, &uploader.UploadRepoFileOptions{
LastCommitID: ctx.Repo.CommitID,
OldBranch: oldBranchName,
NewBranch: branchName,
@@ -576,12 +600,13 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
}
func cleanUploadFileName(name string) string {
- name = strings.TrimLeft(name, "./\\")
- name = strings.Replace(name, "../", "", -1)
- name = strings.Replace(name, "..\\", "", -1)
- name = strings.TrimPrefix(path.Clean(name), ".git/")
- if name == ".git" {
- return ""
+ // Rebase the filename
+ name = strings.Trim(path.Clean("/"+name), " /")
+ // Git disallows any filenames to have a .git directory in them.
+ for _, part := range strings.Split(name, "/") {
+ if strings.ToLower(part) == ".git" {
+ return ""
+ }
}
return name
}
diff --git a/routers/repo/editor_test.go b/routers/repo/editor_test.go
index e5b9570205..b3d4314c26 100644
--- a/routers/repo/editor_test.go
+++ b/routers/repo/editor_test.go
@@ -15,16 +15,24 @@ func TestCleanUploadName(t *testing.T) {
models.PrepareTestEnv(t)
var kases = map[string]string{
- ".git/refs/master": "git/refs/master",
- "/root/abc": "root/abc",
- "./../../abc": "abc",
- "a/../.git": "a/.git",
- "a/../../../abc": "a/abc",
- "../../../acd": "acd",
- "../../.git/abc": "git/abc",
- "..\\..\\.git/abc": "git/abc",
+ ".git/refs/master": "",
+ "/root/abc": "root/abc",
+ "./../../abc": "abc",
+ "a/../.git": "",
+ "a/../../../abc": "abc",
+ "../../../acd": "acd",
+ "../../.git/abc": "",
+ "..\\..\\.git/abc": "..\\..\\.git/abc",
+ "..\\../.git/abc": "",
+ "..\\../.git": "",
+ "abc/../def": "def",
+ ".drone.yml": ".drone.yml",
+ ".abc/def/.drone.yml": ".abc/def/.drone.yml",
+ "..drone.yml.": "..drone.yml.",
+ "..a.dotty...name...": "..a.dotty...name...",
+ "..a.dotty../.folder../.name...": "..a.dotty../.folder../.name...",
}
for k, v := range kases {
- assert.EqualValues(t, v, cleanUploadFileName(k))
+ assert.EqualValues(t, cleanUploadFileName(k), v)
}
}