mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-11 12:40:16 +00:00
Check commit message hashes before making links
Previously, when formatting commit messages, anything that looked like SHA1 hashes was turned into a link using regex. This meant that certain phrases or numbers such as `777777` or `deadbeef` could be recognized as a commit even if the repository has no commit with those hashes. This change will make it so that anything that looks like a SHA1 hash using regex will then also be checked to ensure that there is a commit in the repository with that hash before making a link. Signed-off-by: Gary Kim <gary@garykim.dev>
This commit is contained in:
parent
06392479b4
commit
e887f922ca
|
@ -510,6 +510,7 @@ func (repo *Repository) ComposeMetas() map[string]string {
|
||||||
repo.ExternalMetas = map[string]string{
|
repo.ExternalMetas = map[string]string{
|
||||||
"user": repo.MustOwner().Name,
|
"user": repo.MustOwner().Name,
|
||||||
"repo": repo.Name,
|
"repo": repo.Name,
|
||||||
|
"repoPath": repo.RepoPath(),
|
||||||
}
|
}
|
||||||
unit, err := repo.GetUnit(UnitTypeExternalTracker)
|
unit, err := repo.GetUnit(UnitTypeExternalTracker)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -13,6 +13,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"code.gitea.io/gitea/modules/base"
|
"code.gitea.io/gitea/modules/base"
|
||||||
|
"code.gitea.io/gitea/modules/git"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/util"
|
"code.gitea.io/gitea/modules/util"
|
||||||
|
|
||||||
|
@ -657,6 +658,14 @@ func sha1CurrentPatternProcessor(ctx *postProcessCtx, node *html.Node) {
|
||||||
// but that is not always the case.
|
// but that is not always the case.
|
||||||
// Although unlikely, deadbeef and 1234567 are valid short forms of SHA1 hash
|
// Although unlikely, deadbeef and 1234567 are valid short forms of SHA1 hash
|
||||||
// as used by git and github for linking and thus we have to do similar.
|
// as used by git and github for linking and thus we have to do similar.
|
||||||
|
// Because of this, we check to make sure that a matched hash is actually
|
||||||
|
// a commit in the repository before making it a link.
|
||||||
|
if ctx.metas["repoPath"] != "" {
|
||||||
|
if _, err := git.NewCommand("log", "-1", hash).RunInDirBytes(ctx.metas["repoPath"]); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
replaceContent(node, m[2], m[3],
|
replaceContent(node, m[2], m[3],
|
||||||
createCodeLink(util.URLJoin(setting.AppURL, ctx.metas["user"], ctx.metas["repo"], "commit", hash), base.ShortSha(hash)))
|
createCodeLink(util.URLJoin(setting.AppURL, ctx.metas["user"], ctx.metas["repo"], "commit", hash), base.ShortSha(hash)))
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue