mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-06-08 16:39:33 +00:00
[skip ci] wip: sanitize git push options instead of rejecting unknown ones
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
This commit is contained in:
parent
09855c0caf
commit
6a5185adc0
|
@ -8,6 +8,7 @@ import (
|
|||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"slices"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
asymkey_model "code.gitea.io/gitea/models/asymkey"
|
||||
|
@ -127,22 +128,13 @@ func (ctx *preReceiveContext) validatePushOptions() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
changesRepoSettings := false
|
||||
for key := range opts.GitPushOptions {
|
||||
switch key {
|
||||
case private.GitPushOptionRepoPrivate, private.GitPushOptionRepoTemplate:
|
||||
changesRepoSettings = true
|
||||
case "topic", "force-push", "title", "description":
|
||||
// Agit options
|
||||
default:
|
||||
return fmt.Errorf("unknown option %s", key)
|
||||
return ctx.canChangeSettings()
|
||||
}
|
||||
}
|
||||
|
||||
if changesRepoSettings {
|
||||
return ctx.canChangeSettings()
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -156,10 +148,34 @@ func (ctx *preReceiveContext) assertPushOptions() bool {
|
|||
return true
|
||||
}
|
||||
|
||||
func sanitizePushOptions(opts private.GitPushOptions) private.GitPushOptions {
|
||||
validOptions := []string{
|
||||
// push-to-create options
|
||||
private.GitPushOptionRepoPrivate,
|
||||
private.GitPushOptionRepoTemplate,
|
||||
// AGit options
|
||||
"topic",
|
||||
"force-push",
|
||||
"title",
|
||||
"description",
|
||||
}
|
||||
var sanitizedOpts private.GitPushOptions
|
||||
|
||||
for key := range opts {
|
||||
if slices.Contains(validOptions, key) {
|
||||
sanitizedOpts[key] = opts[key]
|
||||
}
|
||||
}
|
||||
|
||||
return sanitizedOpts
|
||||
}
|
||||
|
||||
// HookPreReceive checks whether a individual commit is acceptable
|
||||
func HookPreReceive(ctx *gitea_context.PrivateContext) {
|
||||
opts := web.GetForm(ctx).(*private.HookOptions)
|
||||
|
||||
opts.GitPushOptions = sanitizePushOptions(opts.GitPushOptions)
|
||||
|
||||
ourCtx := &preReceiveContext{
|
||||
PrivateContext: ctx,
|
||||
env: generateGitEnv(opts), // Generate git environment for checking commits
|
||||
|
|
Loading…
Reference in a new issue