Diffstat (limited to 'modules')
-rw-r--r--modules/auth/auth.go7
-rw-r--r--modules/auth/user_form.go41
-rw-r--r--modules/base/markdown.go12
-rw-r--r--modules/base/template.go12
-rw-r--r--modules/base/tool.go30
-rw-r--r--modules/middleware/auth.go2
-rw-r--r--modules/setting/setting.go2
7 files changed, 49 insertions, 57 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index 1dd96d8d40..ad7ce5b9ad 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -9,6 +9,7 @@ import (
"reflect"
"strings"
+ "github.com/Unknwon/com"
"github.com/Unknwon/macaron"
"github.com/macaron-contrib/binding"
"github.com/macaron-contrib/session"
@@ -135,6 +136,10 @@ type Form interface {
binding.Validator
}
+func init() {
+ binding.SetNameMapper(com.ToSnakeCase)
+}
+
// AssignForm assign form values back to the template data.
func AssignForm(form interface{}, data map[string]interface{}) {
typ := reflect.TypeOf(form)
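Review bot: The new init() swaps the name mapper for the whole process and carries no comment saying so, yet every form struct in the program that lacks a `form` tag is now bound under the snake_case of its Go field name. A comment above it would make that visible: `// init installs com.ToSnakeCase as the global binding name mapper, so untagged struct fields bind to the snake_case form of their Go name; AssignForm's fallback must derive names the same way.` AssignForm continues past the end of this hunk.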
@@ -152,6 +157,8 @@ func AssignForm(form interface{}, data map[string]interface{}) {
// Allow ignored fields in the struct
if fieldName == "-" {
continue
+ } else if len(fieldName) == 0 {
+ fieldName = com.ToSnakeCase(field.Name)
}
data[fieldName] = val.Field(i).Interface()
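Review bot: The `else if` after `continue` and the `len(fieldName) == 0` test are both unidiomatic; the fallback reads better as its own guard with an empty-string comparison placed after the `-` check: `if fieldName == "" { fieldName = com.ToSnakeCase(field.Name) }`. Keeping that derivation visibly identical to the mapper installed in init() is what makes the template keys and the bound keys line up, so it is worth a short comment on the line. AssignForm starts and ends outside this hunk.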
diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go
index becd5cbca8..3c0ff65174 100644
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
@@ -12,26 +12,27 @@ import (
)
type InstallForm struct {
- Database string `form:"database" binding:"Required"`
- DbHost string `form:"host"`
- DbUser string `form:"user"`
- DbPasswd string `form:"passwd"`
- DatabaseName string `form:"database_name"`
- SslMode string `form:"ssl_mode"`
- DatabasePath string `form:"database_path"`
- RepoRootPath string `form:"repo_path" binding:"Required"`
- RunUser string `form:"run_user" binding:"Required"`
- Domain string `form:"domain" binding:"Required"`
- AppUrl string `form:"app_url" binding:"Required"`
- SmtpHost string `form:"smtp_host"`
- SmtpEmail string `form:"mailer_user"`
- SmtpPasswd string `form:"mailer_pwd"`
- RegisterConfirm string `form:"register_confirm"`
- MailNotify string `form:"mail_notify"`
- AdminName string `form:"admin_name" binding:"Required;AlphaDashDot;MaxSize(30)"`
- AdminPasswd string `form:"admin_pwd" binding:"Required;MinSize(6);MaxSize(255)"`
- ConfirmPasswd string `form:"confirm_passwd" binding:"Required;MinSize(6);MaxSize(255)"`
- AdminEmail string `form:"admin_email" binding:"Required;Email;MaxSize(50)"`
+ DbType string `binding:"Required"`
+ DbHost string
+ DbUser string
+ DbPasswd string
+ DbName string
+ SSLMode string
+ DbPath string
+ RepoRootPath string `binding:"Required"`
+ RunUser string `binding:"Required"`
+ Domain string `binding:"Required"`
+ HTTPPort string `binding:"Required"`
+ AppUrl string `binding:"Required"`
+ SMTPHost string
+ SMTPEmail string
+ SMTPPasswd string
+ RegisterConfirm string
+ MailNotify string
+ AdminName string `binding:"Required;AlphaDashDot;MaxSize(30)"`
+ AdminPasswd string `binding:"Required;MinSize(6);MaxSize(255)"`
+ AdminConfirmPasswd string `binding:"Required;MinSize(6);MaxSize(255)"`
+ AdminEmail string `binding:"Required;Email;MaxSize(50)"`
}
func (f *InstallForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
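Review bot: Removing the `form` tags means each field's form key is now whatever com.ToSnakeCase produces from the Go name, and for the renamed fields with multi-letter initialisms (SSLMode, HTTPPort, SMTPHost, SMTPEmail, SMTPPasswd) I cannot confirm from here how consecutive capitals are split, so the install template has to use exactly the keys the mapper emits. Only some fields carry `binding:"Required"`; a key mismatch on SSLMode or SMTPHost would not fail validation but silently bind the empty string. A comment on the struct would record the contract: `// Form keys are derived from field names via com.ToSnakeCase (see init in auth.go); rename a field only together with its template input.`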
diff --git a/modules/base/markdown.go b/modules/base/markdown.go
index b2f94c480b..d3f3e5feaf 100644
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -63,12 +63,18 @@ func IsImageFile(data []byte) (string, bool) {
return contentType, false
}
+// IsReadmeFile returns true if given file name suppose to be a README file.
func IsReadmeFile(name string) bool {
name = strings.ToLower(name)
if len(name) < 6 {
return false
+ } else if len(name) == 6 {
+ if name == "readme" {
+ return true
+ }
+ return false
}
- if name[:6] == "readme" {
+ if name[:7] == "readme." {
return true
}
return false
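Review bot: The three-way length branching in IsReadmeFile can be collapsed into a single expression, since `strings` is already in use on the first line of the body: `return name == "readme" || strings.HasPrefix(name, "readme.")` replaces everything from the `if len(name) < 6` check down. The new doc comment also reads oddly; `// IsReadmeFile returns true if the given file name is supposed to be a README file.` is the intended sentence. The whole function is within this hunk.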
@@ -103,7 +109,7 @@ var (
MentionPattern = regexp.MustCompile(`@[0-9a-zA-Z_]{1,}`)
commitPattern = regexp.MustCompile(`(\s|^)https?.*commit/[0-9a-zA-Z]+(#+[0-9a-zA-Z-]*)?`)
issueFullPattern = regexp.MustCompile(`(\s|^)https?.*issues/[0-9]+(#+[0-9a-zA-Z-]*)?`)
- issueIndexPattern = regexp.MustCompile(`#[0-9]+`)
+ issueIndexPattern = regexp.MustCompile(`( |^)#[0-9]+`)
sha1CurrentPattern = regexp.MustCompile(`\b[0-9a-f]{40}\b`)
)
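Review bot: The new issueIndexPattern accepts only a literal space or start of input before `#`, while the neighbouring commitPattern and issueFullPattern use `(\s|^)`; a `#123` after a tab or at the start of a line inside a multi-line body is no longer linkified, which looks unintended. If the goal is only to stop matching the `#` inside entities such as `&#39;`, `( |^)` can become `(\s|^)#[0-9]+` and keep that property while agreeing with its siblings. Either way the match now includes the leading delimiter, so RenderIssueIndexPattern (not in this hunk) has to re-emit it rather than replace the whole match.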
@@ -212,7 +218,7 @@ func RenderRawMarkdown(body []byte, urlPrefix string) []byte {
func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
body := RenderSpecialLink(rawBytes, urlPrefix)
body = RenderRawMarkdown(body, urlPrefix)
- body = XSS(body)
+ body = Sanitizer.SanitizeBytes(body)
return body
}
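Review bot: RenderMarkdown now relies on Sanitizer running last, after both RenderSpecialLink and RenderRawMarkdown have produced HTML, and nothing records that this ordering is load-bearing. A comment above the call, such as `// Sanitize last: everything emitted by the link rewriter and the markdown renderer passes through the shared UGC policy.`, would stop a later change from appending unsanitized output after it. Sanitizer is declared in tool.go in this same commit, so the reference resolves within the package.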
diff --git a/modules/base/template.go b/modules/base/template.go
index 829999d1c9..f3fa138578 100644
--- a/modules/base/template.go
+++ b/modules/base/template.go
@@ -13,7 +13,6 @@ import (
"strings"
"time"
- "github.com/microcosm-cc/bluemonday"
"golang.org/x/net/html/charset"
"golang.org/x/text/transform"
@@ -21,11 +20,8 @@ import (
"github.com/gogits/gogs/modules/setting"
)
-// FIXME: use me to Markdown API renders
-var p = bluemonday.UGCPolicy()
-
func Str2html(raw string) template.HTML {
- return template.HTML(p.Sanitize(raw))
+ return template.HTML(Sanitizer.Sanitize(raw))
}
func Range(l int) []int {
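Review bot: Str2html is exported but has no doc comment, and after this change its behaviour is defined by the shared Sanitizer, which a reader has to look up in tool.go. Suggested: `// Str2html sanitizes raw HTML with the package's shared UGC policy (Sanitizer) and marks the result as safe template output.`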
@@ -90,6 +86,11 @@ func ToUtf8(content string) string {
return res
}
+// RenderCommitMessage renders commit message with XSS-safe and special links.
+func RenderCommitMessage(msg, urlPrefix string) template.HTML {
+ return template.HTML(string(RenderIssueIndexPattern([]byte(template.HTMLEscapeString(msg)), urlPrefix)))
+}
+
var mailDomains = map[string]string{
"gmail.com": "gmail.com",
}
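Review bot: RenderCommitMessage escapes the message first and then linkifies `#N`, so it silently depends on issueIndexPattern refusing to match inside the numeric entities that HTMLEscapeString emits (`'` becomes `&#39;`, `"` becomes `&#34;`); nothing here ties the two together. A comment on the return line would keep them in step: `// Escape before linkifying: issueIndexPattern must not match the '#' inside the &#39;/&#34; entities produced by HTMLEscapeString.` The inner `string(...)` conversion is also redundant, since `template.HTML(RenderIssueIndexPattern(...))` converts the byte slice directly.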
@@ -163,6 +164,7 @@ var TemplateFuncs template.FuncMap = map[string]interface{}{
"EscapePound": func(str string) string {
return strings.Replace(str, "#", "%23", -1)
},
+ "RenderCommitMessage": RenderCommitMessage,
}
type Actioner interface {
diff --git a/modules/base/tool.go b/modules/base/tool.go
index ff5a4f4cd9..5043364cec 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -15,17 +15,19 @@ import (
"hash"
"html/template"
"math"
- "regexp"
"strings"
"time"
"github.com/Unknwon/com"
"github.com/Unknwon/i18n"
+ "github.com/microcosm-cc/bluemonday"
"github.com/gogits/gogs/modules/avatar"
"github.com/gogits/gogs/modules/setting"
)
+var Sanitizer = bluemonday.UGCPolicy()
+
// Encode string to md5 hex value.
func EncodeMd5(str string) string {
m := md5.New()
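Review bot: `Sanitizer` is an exported package-level policy with no doc comment, and bluemonday policies are configured through mutating methods, so any package that imports base can loosen the rules for every caller of RenderMarkdown and Str2html. Document the contract it is meant to have: `// Sanitizer is the shared HTML sanitization policy applied to all user-supplied markup; it is configured once here and must not be modified by callers.` This file's second hunk deletes the exported XSS and XSSString; the diffstat is limited to modules/, so any caller elsewhere in the tree is not visible here and would need updating in the same change.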
@@ -473,29 +475,3 @@ func DateFormat(t time.Time, format string) string {
format = replacer.Replace(format)
return t.Format(format)
}
-
-type xssFilter struct {
- reg *regexp.Regexp
- repl []byte
-}
-
-var (
- whiteSpace = []byte(" ")
- xssFilters = []xssFilter{
- {regexp.MustCompile(`\ [ONon]\w*=["]*`), whiteSpace},
- {regexp.MustCompile(`<[SCRIPTscript]{6}`), whiteSpace},
- {regexp.MustCompile(`=[` + "`" + `'"]*[JAVASCRIPTjavascript \t\0&#x0D;]*:`), whiteSpace},
- }
-)
-
-// XSS goes through all the XSS filters to make user input content as safe as possible.
-func XSS(in []byte) []byte {
- for _, filter := range xssFilters {
- in = filter.reg.ReplaceAll(in, filter.repl)
- }
- return in
-}
-
-func XSSString(in string) string {
- return string(XSS([]byte(in)))
-}
diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go
index 94bb1c14a4..b0bcd87f54 100644
--- a/modules/middleware/auth.go
+++ b/modules/middleware/auth.go
@@ -54,7 +54,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
if strings.HasSuffix(ctx.Req.RequestURI, "watch") {
return
}
- ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
+ ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
ctx.Redirect(setting.AppSubUrl + "/user/login")
return
} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
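Review bot: The redirect_to cookie is still set with only maxAge and path, so it carries neither HttpOnly nor Secure; it only needs to be read back by the server on the next request, so passing the trailing secure/httpOnly arguments (macaron's SetCookie accepts them after the domain, as far as I recall) would keep it out of reach of page scripts. With the leading "/" dropped, the stored value is now the escaped AppSubUrl+RequestURI as-is; the code that consumes the cookie after login is not in this hunk and should still verify the decoded value is a local path before redirecting to it. Toggle starts and ends outside this hunk.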
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index bc9da3c63a..e7c44cdd4f 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -178,7 +178,7 @@ func NewConfigContext() {
log.Fatal(4, "Fail to load custom 'conf/app.ini': %v", err)
}
} else {
- log.Warn("No custom 'conf/app.ini' found, please go to '/install'")
+ log.Warn("No custom 'conf/app.ini' found, ignore this if you're running first time")
}
Cfg.NameMapper = ini.AllCapsUnderscore
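Review bot: The new warning text reads awkwardly; `log.Warn("No custom 'conf/app.ini' found, ignore this if you're running for the first time")` is the grammatical form. NewConfigContext starts and ends outside this hunk.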