
Safe work

tags/v0.9.99
Unknwon 9 years ago
parent
commit
83283bca4c
6 changed files with 40 additions and 16 deletions
  1. 1
    1
      gogs.go
  2. 4
    1
      models/issue.go
  3. 13
    6
      models/repo.go
  4. 1
    7
      models/user.go
  5. 20
    0
      routers/api/v1/repos.go
  6. 1
    1
      templates/.VERSION

+ 1
- 1
gogs.go View File

"github.com/gogits/gogs/modules/setting" "github.com/gogits/gogs/modules/setting"
) )


const APP_VER = "0.5.6.1024 Beta"
const APP_VER = "0.5.6.1025 Beta"


func init() { func init() {
runtime.GOMAXPROCS(runtime.NumCPU()) runtime.GOMAXPROCS(runtime.NumCPU())

+ 4
- 1
models/issue.go View File



if len(labelIds) > 0 { if len(labelIds) > 0 {
for _, label := range strings.Split(labelIds, ",") { for _, label := range strings.Split(labelIds, ",") {
sess.And("label_ids like '%$" + label + "|%'")
// Prevent SQL inject.
if com.StrTo(label).MustInt() > 0 {
sess.And("label_ids like '%$" + label + "|%'")
}
} }
} }
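Review bot: The new guard `if com.StrTo(label).MustInt() > 0` validates a parsed copy of `label`, but the statement it protects still concatenates the raw string into the LIKE clause, so the query's safety rests entirely on how strictly that conversion rejects input. Binding the pattern removes that dependency: `sess.And("label_ids like ?", "%$"+label+"|%")`, or format the parsed integer back into the pattern instead of reusing `label`. A label that fails the check is skipped silently, which widens the result set rather than reporting a bad filter; if that is intended, a comment such as `// Non-numeric label IDs are ignored.` would make it explicit. The enclosing function begins and ends outside the visible lines.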



+ 13
- 6
models/repo.go View File

Keyword string Keyword string
Uid int64 Uid int64
Limit int Limit int
Private bool
}

// FilterSQLInject tries to prevent SQL injection.
func FilterSQLInject(key string) string {
key = strings.TrimSpace(key)
key = strings.Split(key, " ")[0]
key = strings.Replace(key, ",", "", -1)
return key
} }


// SearchRepositoryByName returns given number of repositories whose name contains keyword. // SearchRepositoryByName returns given number of repositories whose name contains keyword.
func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) {
// Prevent SQL inject. // Prevent SQL inject.
opt.Keyword = strings.TrimSpace(opt.Keyword)
if len(opt.Keyword) == 0 {
return repos, nil
}

opt.Keyword = strings.Split(opt.Keyword, " ")[0]
opt.Keyword = FilterSQLInject(opt.Keyword)
if len(opt.Keyword) == 0 { if len(opt.Keyword) == 0 {
return repos, nil return repos, nil
} }
if opt.Uid > 0 { if opt.Uid > 0 {
sess.Where("owner_id=?", opt.Uid) sess.Where("owner_id=?", opt.Uid)
} }
if !opt.Private {
sess.And("is_private=false")
}
sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos) sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos)
return repos, err return repos, err
} }
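Review bot: `FilterSQLInject` only trims whitespace, keeps the first space-separated token and removes commas; it leaves quote characters and the LIKE wildcards `%` and `_` untouched, and its result is still concatenated into `"lower_name like '%" + opt.Keyword + "%'"`. A deny-list of this kind is not a dependable boundary; the query should bind the keyword the same way the function already binds `owner_id=?`, for example `sess.And("lower_name like ?", "%"+opt.Keyword+"%").Find(&repos)`. The same helper now guards SearchUserByName in models/user.go, whose query is outside the visible lines and should get the same treatment. Separately, the value returned by `Find` is not assigned in the visible lines, so `err` may come back nil after a failed query.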

+ 1
- 7
models/user.go View File



// SearchUserByName returns given number of users whose name contains keyword. // SearchUserByName returns given number of users whose name contains keyword.
func SearchUserByName(opt SearchOption) (us []*User, err error) { func SearchUserByName(opt SearchOption) (us []*User, err error) {
// Prevent SQL inject.
opt.Keyword = strings.TrimSpace(opt.Keyword)
if len(opt.Keyword) == 0 {
return us, nil
}

opt.Keyword = strings.Split(opt.Keyword, " ")[0]
opt.Keyword = FilterSQLInject(opt.Keyword)
if len(opt.Keyword) == 0 { if len(opt.Keyword) == 0 {
return us, nil return us, nil
} }

+ 20
- 0
routers/api/v1/repos.go View File

opt.Limit = 10 opt.Limit = 10
} }


// Check visibility.
if ctx.IsSigned && opt.Uid > 0 {
if ctx.User.Id == opt.Uid {
opt.Private = true
} else {
u, err := models.GetUserById(opt.Uid)
if err != nil {
ctx.JSON(500, map[string]interface{}{
"ok": false,
"error": err.Error(),
})
return
}
if u.IsOrganization() && u.IsOrgOwner(ctx.User.Id) {
opt.Private = true
}
// FIXME: how about collaborators?
}
}

repos, err := models.SearchRepositoryByName(opt) repos, err := models.SearchRepositoryByName(opt)
if err != nil { if err != nil {
ctx.JSON(500, map[string]interface{}{ ctx.JSON(500, map[string]interface{}{
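Review bot: The new `models.GetUserById` failure branch sends `err.Error()` to the API client with status 500, which exposes internal error text and presumably reports an unknown `uid` as a server error rather than a not-found. Logging the error server-side and returning a generic message, with a 404 for the not-found case, would be safer. The block only ever sets `opt.Private` to true, so it relies on `opt` having been built with `Private` false earlier in the handler, which is outside the visible lines; an explicit `opt.Private = false` just before `// Check visibility.` would make the default fail closed regardless of how `opt` is populated.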

+ 1
- 1
templates/.VERSION View File

0.5.6.1024 Beta
0.5.6.1025 Beta
