Diffstat (limited to 'modules/context')
-rw-r--r--modules/context/context.go6
-rw-r--r--modules/context/csrf.go14
-rw-r--r--modules/context/repo.go10
3 files changed, 17 insertions, 13 deletions
diff --git a/modules/context/context.go b/modules/context/context.go
index 4905e1cb80..f73b5f19c0 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -31,13 +31,13 @@ import (
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/translation"
+ "code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/auth"
"gitea.com/go-chi/cache"
"gitea.com/go-chi/session"
chi "github.com/go-chi/chi/v5"
- "github.com/unknwon/com"
"github.com/unrolled/render"
"golang.org/x/crypto/pbkdf2"
)
@@ -475,7 +475,7 @@ func (ctx *Context) CookieDecrypt(secret, val string) (string, bool) {
}
key := pbkdf2.Key([]byte(secret), []byte(secret), 1000, 16, sha256.New)
- text, err = com.AESGCMDecrypt(key, text)
+ text, err = util.AESGCMDecrypt(key, text)
return string(text), err == nil
}
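Review bot: The `pbkdf2.Key([]byte(secret), []byte(secret), 1000, 16, sha256.New)` line uses `secret` as both password and salt with 1000 iterations, so the salt contributes nothing and a low-entropy secret gets little stretching before the key reaches `util.AESGCMDecrypt`. The same expression is repeated in CookieEncrypt in the next hunk. Since this commit already touches both call sites, I would move the derivation into one unexported helper and document it there, e.g. `// cookieKey derives the AES-128 key; salt and iteration count are kept for compatibility with already-issued cookies`. Changing the salt or count would invalidate existing cookies, so that part needs an explicit migration decision rather than a silent edit. CookieDecrypt begins above this hunk.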
@@ -489,7 +489,7 @@ func (ctx *Context) SetSuperSecureCookie(secret, name, value string, expiry int)
// CookieEncrypt encrypts a given value using the provided secret
func (ctx *Context) CookieEncrypt(secret, value string) string {
key := pbkdf2.Key([]byte(secret), []byte(secret), 1000, 16, sha256.New)
- text, err := com.AESGCMEncrypt(key, []byte(value))
+ text, err := util.AESGCMEncrypt(key, []byte(value))
if err != nil {
panic("error encrypting cookie: " + err.Error())
}
diff --git a/modules/context/csrf.go b/modules/context/csrf.go
index 99c223c884..1fb992e2ae 100644
--- a/modules/context/csrf.go
+++ b/modules/context/csrf.go
@@ -19,13 +19,14 @@
package context
import (
+ "encoding/base32"
+ "fmt"
"net/http"
"time"
"code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web/middleware"
-
- "github.com/unknwon/com"
)
// CSRF represents a CSRF service and is used to get the current token and validate a suspect token.
@@ -162,7 +163,12 @@ func prepareOptions(options []CsrfOptions) CsrfOptions {
// Defaults.
if len(opt.Secret) == 0 {
- opt.Secret = string(com.RandomCreateBytes(10))
+ randBytes, err := util.CryptoRandomBytes(8)
+ if err != nil {
+ // this panic can be handled by the recover() in http handlers
+ panic(fmt.Errorf("failed to generate random bytes: %w", err))
+ }
+ opt.Secret = base32.StdEncoding.EncodeToString(randBytes)
}
if len(opt.Header) == 0 {
opt.Header = "X-CSRFToken"
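Review bot: The fallback secret from `util.CryptoRandomBytes(8)` carries only 64 bits of entropy, which is a thin margin for a secret that token validation depends on; `randBytes, err := util.CryptoRandomBytes(32)` costs nothing extra. The secret is also regenerated every time prepareOptions runs with an empty `opt.Secret`, so if that can happen more than once per process (not visible here), tokens issued under one secret would fail validation under the next. A short comment stating that this default is ephemeral and that deployments are expected to configure a stable secret would help. prepareOptions starts and ends outside the hunk.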
@@ -211,7 +217,7 @@ func Csrfer(opt CsrfOptions, ctx *Context) CSRF {
x.ID = "0"
uid := ctx.Session.Get(opt.SessionKey)
if uid != nil {
- x.ID = com.ToStr(uid)
+ x.ID = util.ToStr(uid)
}
needsNew := false
diff --git a/modules/context/repo.go b/modules/context/repo.go
index 5a9e38a1d9..a7c9a982c4 100644
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -8,6 +8,7 @@ package context
import (
"context"
"fmt"
+ "html"
"io"
"net/http"
"net/url"
@@ -29,7 +30,6 @@ import (
asymkey_service "code.gitea.io/gitea/services/asymkey"
"github.com/editorconfig/editorconfig-core-go/v2"
- "github.com/unknwon/com"
)
// IssueTemplateDirCandidates issue templates directory
@@ -308,11 +308,9 @@ func EarlyResponseForGoGetMeta(ctx *Context) {
ctx.PlainText(http.StatusBadRequest, "invalid repository path")
return
}
- ctx.PlainText(http.StatusOK, com.Expand(`<meta name="go-import" content="{GoGetImport} git {CloneLink}">`,
- map[string]string{
- "GoGetImport": ComposeGoGetImport(username, reponame),
- "CloneLink": repo_model.ComposeHTTPSCloneURL(username, reponame),
- }))
+ goImportContent := fmt.Sprintf("%s git %s", ComposeGoGetImport(username, reponame), repo_model.ComposeHTTPSCloneURL(username, reponame))
+ htmlMeta := fmt.Sprintf(`<meta name="go-import" content="%s">`, html.EscapeString(goImportContent))
+ ctx.PlainText(http.StatusOK, htmlMeta)
}
// RedirectToRepo redirect to a differently-named repository
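Review bot: Nothing at the `html.EscapeString` call says why the escaping is there, and the removed `com.Expand` form had none, so a later refactor could drop it again. I would add `// username and reponame come from the request; escape before embedding in the content attribute` above the `goImportContent` line. That assumes they are request-derived, which the "invalid repository path" check above suggests but the hunk does not show. A regression test asserting that a quote character in a name is emitted as `&#34;` in the response would pin the behaviour down. EarlyResponseForGoGetMeta begins outside the hunk.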