Unknwon
9 years ago
6 changed files with 40 additions and 16 deletions
+ 1
- 1
gogs.go
View File
| @@ -17,7 +17,7 @@ import ( | |||
| "github.com/gogits/gogs/modules/setting" | |||
| ) | |||
| const APP_VER = "0.5.6.1024 Beta" | |||
| const APP_VER = "0.5.6.1025 Beta" | |||
| func init() { | |||
| runtime.GOMAXPROCS(runtime.NumCPU()) | |||
+ 4
- 1
models/issue.go
View File
| @@ -211,7 +211,10 @@ func GetIssues(uid, rid, pid, mid int64, page int, isClosed bool, labelIds, sort | |||
| if len(labelIds) > 0 { | |||
| for _, label := range strings.Split(labelIds, ",") { | |||
| sess.And("label_ids like '%$" + label + "|%'") | |||
| // Prevent SQL inject. | |||
| if com.StrTo(label).MustInt() > 0 { | |||
| sess.And("label_ids like '%$" + label + "|%'") | |||
| } | |||
| } | |||
| } | |||
+ 13
- 6
models/repo.go
View File
| @@ -1131,17 +1131,21 @@ type SearchOption struct { | |||
| Keyword string | |||
| Uid int64 | |||
| Limit int | |||
| Private bool | |||
| } | |||
| // FilterSQLInject tries to prevent SQL injection. | |||
| func FilterSQLInject(key string) string { | |||
| key = strings.TrimSpace(key) | |||
| key = strings.Split(key, " ")[0] | |||
| key = strings.Replace(key, ",", "", -1) | |||
| return key | |||
| } | |||
| // SearchRepositoryByName returns given number of repositories whose name contains keyword. | |||
| func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { | |||
| // Prevent SQL inject. | |||
| opt.Keyword = strings.TrimSpace(opt.Keyword) | |||
| if len(opt.Keyword) == 0 { | |||
| return repos, nil | |||
| } | |||
| opt.Keyword = strings.Split(opt.Keyword, " ")[0] | |||
| opt.Keyword = FilterSQLInject(opt.Keyword) | |||
| if len(opt.Keyword) == 0 { | |||
| return repos, nil | |||
| } | |||
| @@ -1154,6 +1158,9 @@ func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { | |||
| if opt.Uid > 0 { | |||
| sess.Where("owner_id=?", opt.Uid) | |||
| } | |||
| if !opt.Private { | |||
| sess.And("is_private=false") | |||
| } | |||
| sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos) | |||
| return repos, err | |||
| } | |||
+ 1
- 7
models/user.go
View File
| @@ -574,13 +574,7 @@ func GetUserByEmail(email string) (*User, error) { | |||
| // SearchUserByName returns given number of users whose name contains keyword. | |||
| func SearchUserByName(opt SearchOption) (us []*User, err error) { | |||
| // Prevent SQL inject. | |||
| opt.Keyword = strings.TrimSpace(opt.Keyword) | |||
| if len(opt.Keyword) == 0 { | |||
| return us, nil | |||
| } | |||
| opt.Keyword = strings.Split(opt.Keyword, " ")[0] | |||
| opt.Keyword = FilterSQLInject(opt.Keyword) | |||
| if len(opt.Keyword) == 0 { | |||
| return us, nil | |||
| } | |||
+ 20
- 0
routers/api/v1/repos.go
View File
| @@ -31,6 +31,26 @@ func SearchRepos(ctx *middleware.Context) { | |||
| opt.Limit = 10 | |||
| } | |||
| // Check visibility. | |||
| if ctx.IsSigned && opt.Uid > 0 { | |||
| if ctx.User.Id == opt.Uid { | |||
| opt.Private = true | |||
| } else { | |||
| u, err := models.GetUserById(opt.Uid) | |||
| if err != nil { | |||
| ctx.JSON(500, map[string]interface{}{ | |||
| "ok": false, | |||
| "error": err.Error(), | |||
| }) | |||
| return | |||
| } | |||
| if u.IsOrganization() && u.IsOrgOwner(ctx.User.Id) { | |||
| opt.Private = true | |||
| } | |||
| // FIXME: how about collaborators? | |||
| } | |||
| } | |||
| repos, err := models.SearchRepositoryByName(opt) | |||
| if err != nil { | |||
| ctx.JSON(500, map[string]interface{}{ | |||
+ 1
- 1
templates/.VERSION
View File
| @@ -1 +1 @@ | |||
| 0.5.6.1024 Beta | |||
| 0.5.6.1025 Beta | |||
Loading…