Check that hashes are commits before making them links

Signed-off-by: Gary Kim <gary@garykim.dev>
This commit is contained in:
Gary Kim 2019-07-31 10:33:40 +08:00
parent 195cb4f777
commit a88564b8bc
No known key found for this signature in database
GPG key ID: 9349B59FB54594AC
2 changed files with 12 additions and 2 deletions

View file

@ -508,8 +508,9 @@ func (repo *Repository) mustOwnerName(e Engine) string {
func (repo *Repository) ComposeMetas() map[string]string {
if repo.ExternalMetas == nil {
repo.ExternalMetas = map[string]string{
"user": repo.MustOwner().Name,
"repo": repo.Name,
"user": repo.MustOwner().Name,
"repo": repo.Name,
"repoPath": repo.RepoPath(),
}
unit, err := repo.GetUnit(UnitTypeExternalTracker)
if err != nil {

View file

@ -13,6 +13,7 @@ import (
"strings"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
@ -657,6 +658,14 @@ func sha1CurrentPatternProcessor(ctx *postProcessCtx, node *html.Node) {
// but that is not always the case.
// Although unlikely, deadbeef and 1234567 are valid short forms of SHA1 hash
// as used by git and github for linking and thus we have to do similar.
// Because of this, we check to make sure that a matched hash is actually
// a commit in the repository before making it a link.
if ctx.metas["repoPath"] != "" {
if _, err := git.NewCommand("log", "-1", hash).RunInDirBytes(ctx.metas["repoPath"]); err != nil {
return
}
}
replaceContent(node, m[2], m[3],
createCodeLink(util.URLJoin(setting.AppURL, ctx.metas["user"], ctx.metas["repo"], "commit", hash), base.ShortSha(hash)))
}