summaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
author6543 <6543@obermui.de>2020-05-06 13:08:45 +0200
committerGitHub <noreply@github.com>2020-05-06 12:08:45 +0100
commit505e456f26e11d4ee2f7a807a037b11b59defb1f (patch)
treef9cbf4daaa54d8ff29e4e2c0e2ab4a21e61e83c5 /routers
parenta1f11a05e900f3d1130729b2095dbf1b3037658e (diff)
downloadgitea-505e456f26e11d4ee2f7a807a037b11b59defb1f.tar.gz
gitea-505e456f26e11d4ee2f7a807a037b11b59defb1f.zip
Protect default branch against deletion (#11115)
Although default branch is not offered for deletion in the templates, we need to prevent it both at the router level and in the pre-receive hook. Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'routers')
-rw-r--r--routers/private/hook.go8
-rw-r--r--routers/repo/branch.go6
2 files changed, 13 insertions, 1 deletions
diff --git a/routers/private/hook.go b/routers/private/hook.go
index de2b03e0b2..4b57aff588 100644
--- a/routers/private/hook.go
+++ b/routers/private/hook.go
@@ -206,6 +206,14 @@ func HookPreReceive(ctx *macaron.Context, opts private.HookOptions) {
refFullName := opts.RefFullNames[i]
branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
+ if branchName == repo.DefaultBranch && newCommitID == git.EmptySHA {
+ log.Warn("Forbidden: Branch: %s is the default branch in %-v and cannot be deleted", branchName, repo)
+ ctx.JSON(http.StatusForbidden, map[string]interface{}{
+ "err": fmt.Sprintf("branch %s is the default branch and cannot be deleted", branchName),
+ })
+ return
+ }
+
protectBranch, err := models.GetProtectedBranchBy(repo.ID, branchName)
if err != nil {
log.Error("Unable to get protected branch: %s in %-v Error: %v", branchName, repo, err)
diff --git a/routers/repo/branch.go b/routers/repo/branch.go
index 1664f68ec1..e7eac04bce 100644
--- a/routers/repo/branch.go
+++ b/routers/repo/branch.go
@@ -57,8 +57,12 @@ func Branches(ctx *context.Context) {
// DeleteBranchPost responses for delete merged branch
func DeleteBranchPost(ctx *context.Context) {
defer redirect(ctx)
-
branchName := ctx.Query("name")
+ if branchName == ctx.Repo.Repository.DefaultBranch {
+ ctx.Flash.Error(ctx.Tr("repo.branch.default_deletion_failed", branchName))
+ return
+ }
+
isProtected, err := ctx.Repo.Repository.IsProtectedBranch(branchName, ctx.User)
if err != nil {
log.Error("DeleteBranch: %v", err)