Diffstat (limited to 'models/repo.go')
-rw-r--r-- | models/repo.go | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/models/repo.go b/models/repo.go
index dc47b2e6e9..888dea1ea6 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -1131,17 +1131,21 @@ type SearchOption struct {
 	Keyword string
 	Uid     int64
 	Limit   int
+	Private bool
+}
+
+// FilterSQLInject tries to prevent SQL injection.
+func FilterSQLInject(key string) string {
+	key = strings.TrimSpace(key)
+	key = strings.Split(key, " ")[0]
+	key = strings.Replace(key, ",", "", -1)
+	return key
 }
 
 // SearchRepositoryByName returns given number of repositories whose name contains keyword.
 func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) {
 	// Prevent SQL inject.
-	opt.Keyword = strings.TrimSpace(opt.Keyword)
-	if len(opt.Keyword) == 0 {
-		return repos, nil
-	}
-
-	opt.Keyword = strings.Split(opt.Keyword, " ")[0]
+	opt.Keyword = FilterSQLInject(opt.Keyword)
 	if len(opt.Keyword) == 0 {
 		return repos, nil
 	}
@@ -1154,6 +1158,9 @@ func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) {
 	if opt.Uid > 0 {
 		sess.Where("owner_id=?", opt.Uid)
 	}
+	if !opt.Private {
+		sess.And("is_private=false")
+	}
 	sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos)
 	return repos, err
 } |
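Review bot: FilterSQLInject is not an injection defence: trimming, keeping the first space-separated token and deleting commas leaves quote characters and every other SQL metacharacter in the keyword, and the second hunk still splices that keyword into `"lower_name like '%" + opt.Keyword + "%'"`. The durable fix is a bound parameter, exactly as the `owner_id=?` clause a few lines above already does: `sess.And("lower_name like ?", "%"+opt.Keyword+"%").Find(&repos)` (if `%` and `_` typed by the user are meant literally they would additionally need LIKE-escaping, which this code does not attempt). If the token-splitting is intended as search-term normalisation rather than a security control, the doc comment should say so rather than claim prevention, e.g. `// FilterSQLInject reduces a search keyword to its first whitespace-separated token with commas removed; it is not an injection defence, so callers must still bind the value as a query parameter.`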
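Review bot: The result of `Find(&repos)` on the last context line of this hunk is discarded, so the named `err` is always nil and a failed query is indistinguishable from an empty result set; the call should assign it, `err = sess.And(…).Find(&repos)`, before `return repos, err`. The new `is_private=false` clause is a constant and carries no injection risk, but writing it as `sess.And("is_private=?", false)` keeps every clause on the session in the same bound-parameter style as `owner_id=?`. The start of SearchRepositoryByName lies outside this hunk.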