"github.com/gogits/gogs/modules/setting" | "github.com/gogits/gogs/modules/setting" | ||||
) | ) | ||||
const APP_VER = "0.5.6.1024 Beta" | |||||
const APP_VER = "0.5.6.1025 Beta" | |||||
func init() { | func init() { | ||||
runtime.GOMAXPROCS(runtime.NumCPU()) | runtime.GOMAXPROCS(runtime.NumCPU()) |
if len(labelIds) > 0 { | if len(labelIds) > 0 { | ||||
for _, label := range strings.Split(labelIds, ",") { | for _, label := range strings.Split(labelIds, ",") { | ||||
sess.And("label_ids like '%$" + label + "|%'") | |||||
// Prevent SQL inject. | |||||
if com.StrTo(label).MustInt() > 0 { | |||||
sess.And("label_ids like '%$" + label + "|%'") | |||||
} | |||||
} | } | ||||
} | } | ||||
Keyword string | Keyword string | ||||
Uid int64 | Uid int64 | ||||
Limit int | Limit int | ||||
Private bool | |||||
} | |||||
// FilterSQLInject tries to prevent SQL injection. | |||||
func FilterSQLInject(key string) string { | |||||
key = strings.TrimSpace(key) | |||||
key = strings.Split(key, " ")[0] | |||||
key = strings.Replace(key, ",", "", -1) | |||||
return key | |||||
} | } | ||||
// SearchRepositoryByName returns given number of repositories whose name contains keyword. | // SearchRepositoryByName returns given number of repositories whose name contains keyword. | ||||
func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { | func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { | ||||
// Prevent SQL inject. | // Prevent SQL inject. | ||||
opt.Keyword = strings.TrimSpace(opt.Keyword) | |||||
if len(opt.Keyword) == 0 { | |||||
return repos, nil | |||||
} | |||||
opt.Keyword = strings.Split(opt.Keyword, " ")[0] | |||||
opt.Keyword = FilterSQLInject(opt.Keyword) | |||||
if len(opt.Keyword) == 0 { | if len(opt.Keyword) == 0 { | ||||
return repos, nil | return repos, nil | ||||
} | } | ||||
if opt.Uid > 0 { | if opt.Uid > 0 { | ||||
sess.Where("owner_id=?", opt.Uid) | sess.Where("owner_id=?", opt.Uid) | ||||
} | } | ||||
if !opt.Private { | |||||
sess.And("is_private=false") | |||||
} | |||||
sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos) | sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos) | ||||
return repos, err | return repos, err | ||||
} | } |
// SearchUserByName returns given number of users whose name contains keyword. | // SearchUserByName returns given number of users whose name contains keyword. | ||||
func SearchUserByName(opt SearchOption) (us []*User, err error) { | func SearchUserByName(opt SearchOption) (us []*User, err error) { | ||||
// Prevent SQL inject. | |||||
opt.Keyword = strings.TrimSpace(opt.Keyword) | |||||
if len(opt.Keyword) == 0 { | |||||
return us, nil | |||||
} | |||||
opt.Keyword = strings.Split(opt.Keyword, " ")[0] | |||||
opt.Keyword = FilterSQLInject(opt.Keyword) | |||||
if len(opt.Keyword) == 0 { | if len(opt.Keyword) == 0 { | ||||
return us, nil | return us, nil | ||||
} | } |
opt.Limit = 10 | opt.Limit = 10 | ||||
} | } | ||||
// Check visibility. | |||||
if ctx.IsSigned && opt.Uid > 0 { | |||||
if ctx.User.Id == opt.Uid { | |||||
opt.Private = true | |||||
} else { | |||||
u, err := models.GetUserById(opt.Uid) | |||||
if err != nil { | |||||
ctx.JSON(500, map[string]interface{}{ | |||||
"ok": false, | |||||
"error": err.Error(), | |||||
}) | |||||
return | |||||
} | |||||
if u.IsOrganization() && u.IsOrgOwner(ctx.User.Id) { | |||||
opt.Private = true | |||||
} | |||||
// FIXME: how about collaborators? | |||||
} | |||||
} | |||||
repos, err := models.SearchRepositoryByName(opt) | repos, err := models.SearchRepositoryByName(opt) | ||||
if err != nil { | if err != nil { | ||||
ctx.JSON(500, map[string]interface{}{ | ctx.JSON(500, map[string]interface{}{ |
0.5.6.1024 Beta | |||||
0.5.6.1025 Beta |