From 8220e50b56cf7bf9cdfff29a287c5721c3949464 Mon Sep 17 00:00:00 2001 From: Kyle D Date: Tue, 20 Jun 2023 17:14:47 -0400 Subject: Substitute variables in path names of template repos too (#25294) ### Summary Extend the template variable substitution to replace file paths. This can be helpful for setting up log files & directories that should match the repository name. ### PR Changes - Move files matching glob pattern when setting up repos from template - For security, added ~escaping~ sanitization for cross-platform support and to prevent directory traversal (thanks @silverwind for the reference) - Added unit testing for escaping function - Fixed the integration tests for repo template generation by passing the repo_template_id - Updated the integration testfiles to add some variable substitution & assert the outputs I had to fix the existing repo template integration test and extend it to add a check for variable substitutions. Example: ![image](https://github.com/go-gitea/gitea/assets/12700993/621feb09-0ef3-460e-afa8-da74cd84fa4e) --- docs/content/doc/usage/template-repositories.en-us.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs') diff --git a/docs/content/doc/usage/template-repositories.en-us.md b/docs/content/doc/usage/template-repositories.en-us.md index 0c278648b3..5687861b8c 100644 --- a/docs/content/doc/usage/template-repositories.en-us.md +++ b/docs/content/doc/usage/template-repositories.en-us.md @@ -51,6 +51,8 @@ a/b/c/d.json In any file matched by the above globs, certain variables will be expanded. +Matching filenames and paths can also be expanded, and are conservatively sanitized to support cross-platform filesystems. + All variables must be of the form `$VAR` or `${VAR}`. To escape an expansion, use a double `$$`, such as `$$VAR` or `$${VAR}` | Variable | Expands To | Transformable | -- cgit v1.2.3