From 37fcc8daf2d7d86e4d0f8baaeab0b2e11e5ec8d0 Mon Sep 17 00:00:00 2001 From: Unknwon Date: Fri, 30 Jan 2015 18:05:20 -0500 Subject: [PATCH] modules/base: add RenderCommitMessage with XSS-safe and special links - update russian locale --- README.md | 2 +- README_ZH.md | 2 +- conf/locale/locale_ru-RU.ini | 18 +++++++++--------- gogs.go | 2 +- modules/base/markdown.go | 2 +- modules/base/template.go | 6 ++++++ routers/repo/commit.go | 4 ++-- routers/repo/view.go | 4 ++-- templates/.VERSION | 2 +- templates/repo/commits_table.tmpl | 2 +- templates/repo/diff.tmpl | 2 +- templates/repo/view_list.tmpl | 2 +- 12 files changed, 27 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index ebaa12b7f1..f85e7354fa 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Gogs(Go Git Service) is a painless self-hosted Git Service written in Go. ![Demo](http://gogs.qiniudn.com/gogs_demo.gif) -##### Current version: 0.5.11 Beta +##### Current version: 0.5.12 Beta ### NOTICES diff --git a/README_ZH.md b/README_ZH.md index 30b9e778ca..a67799ac30 100644 --- a/README_ZH.md +++ b/README_ZH.md @@ -5,7 +5,7 @@ Gogs(Go Git Service) 是一个基于 Go 语言的自助 Git 服务。 ![Demo](http://gogs.qiniudn.com/gogs_demo.gif) -##### 当前版本:0.5.11 Beta +##### 当前版本:0.5.12 Beta ## 开发目的 diff --git a/conf/locale/locale_ru-RU.ini b/conf/locale/locale_ru-RU.ini index bcc71f8db8..b0da5c550f 100755 --- a/conf/locale/locale_ru-RU.ini +++ b/conf/locale/locale_ru-RU.ini @@ -164,7 +164,7 @@ unable_verify_ssh_key=Gogs не может проверить ваш SSH-клю auth_failed=Ошибка аутентификации: %v still_own_repo=На вашем аккаунте все еще остается как минимум один репозиторий, сначала вам нужно удалить или передать его. -still_has_org=Your account still have membership of organization, you have to left or delete them first. +still_has_org=Вы находитесь в организации, сперва Вам необходимо покинуть ее или удалить. org_still_own_repo=Данная организация все еще является владельцем репозиториев, необходимо удалить или переместить их в начале. still_own_user=Эта проверка подлинности по-прежнему используется некоторыми пользователями, вы должны переместить их и затем снова удалить. @@ -631,22 +631,22 @@ config.db_path_helper=(for "sqlite3" only) config.service_config=Service Configuration config.register_email_confirm=Require E-mail Confirmation config.disable_register=Отключить регистрацию -config.require_sign_in_view=Require Sign In View -config.mail_notify=Mail Notification -config.enable_cache_avatar=Enable Cache Avatar +config.require_sign_in_view=Для просмотра необходима авторизация +config.mail_notify=Почтовые уведомления +config.enable_cache_avatar=Кешировать аватар config.active_code_lives=Active Code Lives config.reset_password_code_lives=Reset Password Code Lives config.webhook_config=Настройка автоматического обновления репозиции -config.task_interval=Task Interval -config.deliver_timeout=Deliver Timeout -config.mailer_config=Mailer Configuration +config.task_interval=Интервал задания +config.deliver_timeout=Задержка доставки +config.mailer_config=Настройки почты config.mailer_enabled=Включено config.mailer_name=Имя config.mailer_host=Сервер config.mailer_user=Пользователь config.oauth_config=Конфигурация OAuth config.oauth_enabled=Включено -config.cache_config=Cache Configuration +config.cache_config=Настройки кеша config.cache_adapter=Cache Adapter config.cache_interval=Cache Interval config.cache_conn=Cache Connection @@ -674,7 +674,7 @@ monitor.execute_times=Execute Times monitor.process=Запущенные процессы monitor.desc=Описание monitor.start=Start Time -monitor.execute_time=Execution Time +monitor.execute_time=Время выполнения notices.system_notice_list=Система уведомлений notices.type=Тип diff --git a/gogs.go b/gogs.go index 5711452d7c..a3c749cea3 100644 --- a/gogs.go +++ b/gogs.go @@ -17,7 +17,7 @@ import ( "github.com/gogits/gogs/modules/setting" ) -const APP_VER = "0.5.12.0120 Beta" +const APP_VER = "0.5.12.0130 Beta" func init() { runtime.GOMAXPROCS(runtime.NumCPU()) diff --git a/modules/base/markdown.go b/modules/base/markdown.go index b2f94c480b..2cd3617a8f 100644 --- a/modules/base/markdown.go +++ b/modules/base/markdown.go @@ -103,7 +103,7 @@ var ( MentionPattern = regexp.MustCompile(`@[0-9a-zA-Z_]{1,}`) commitPattern = regexp.MustCompile(`(\s|^)https?.*commit/[0-9a-zA-Z]+(#+[0-9a-zA-Z-]*)?`) issueFullPattern = regexp.MustCompile(`(\s|^)https?.*issues/[0-9]+(#+[0-9a-zA-Z-]*)?`) - issueIndexPattern = regexp.MustCompile(`#[0-9]+`) + issueIndexPattern = regexp.MustCompile(`( |^)#[0-9]+`) sha1CurrentPattern = regexp.MustCompile(`\b[0-9a-f]{40}\b`) ) diff --git a/modules/base/template.go b/modules/base/template.go index 829999d1c9..34caa4552b 100644 --- a/modules/base/template.go +++ b/modules/base/template.go @@ -90,6 +90,11 @@ func ToUtf8(content string) string { return res } +// RenderCommitMessage renders commit message with XSS-safe and special links. +func RenderCommitMessage(msg, urlPrefix string) template.HTML { + return template.HTML(string(RenderIssueIndexPattern([]byte(template.HTMLEscapeString(msg)), urlPrefix))) +} + var mailDomains = map[string]string{ "gmail.com": "gmail.com", } @@ -163,6 +168,7 @@ var TemplateFuncs template.FuncMap = map[string]interface{}{ "EscapePound": func(str string) string { return strings.Replace(str, "#", "%23", -1) }, + "RenderCommitMessage": RenderCommitMessage, } type Actioner interface { diff --git a/routers/repo/commit.go b/routers/repo/commit.go index 4571b24f2a..e92ec8c88c 100644 --- a/routers/repo/commit.go +++ b/routers/repo/commit.go @@ -37,7 +37,7 @@ func RenderIssueLinks(oldCommits *list.List, repoLink string) *list.List { newCommits := list.New() for e := oldCommits.Front(); e != nil; e = e.Next() { c := e.Value.(*git.Commit) - c.CommitMessage = string(base.RenderIssueIndexPattern([]byte(c.CommitMessage), repoLink)) + c.CommitMessage = c.CommitMessage newCommits.PushBack(c) } return newCommits @@ -206,7 +206,7 @@ func Diff(ctx *middleware.Context) { commitId := ctx.Repo.CommitId commit := ctx.Repo.Commit - commit.CommitMessage = string(base.RenderIssueIndexPattern([]byte(commit.CommitMessage), ctx.Repo.RepoLink)) + commit.CommitMessage = commit.CommitMessage diff, err := models.GetDiffCommit(models.RepoPath(userName, repoName), commitId, setting.Git.MaxGitDiffLines) if err != nil { diff --git a/routers/repo/view.go b/routers/repo/view.go index 606a0da637..cb689df6a0 100644 --- a/routers/repo/view.go +++ b/routers/repo/view.go @@ -156,9 +156,9 @@ func Home(ctx *middleware.Context) { for _, f := range files { switch c := f[1].(type) { case *git.Commit: - c.CommitMessage = string(base.RenderIssueIndexPattern([]byte(c.CommitMessage), ctx.Repo.RepoLink)) + c.CommitMessage = c.CommitMessage case *git.SubModuleFile: - c.CommitMessage = string(base.RenderIssueIndexPattern([]byte(c.CommitMessage), ctx.Repo.RepoLink)) + c.CommitMessage = c.CommitMessage } } ctx.Data["Files"] = files diff --git a/templates/.VERSION b/templates/.VERSION index 36f8bef5b7..1674af9a21 100644 --- a/templates/.VERSION +++ b/templates/.VERSION @@ -1 +1 @@ -0.5.12.0120 Beta \ No newline at end of file +0.5.12.0130 Beta \ No newline at end of file diff --git a/templates/repo/commits_table.tmpl b/templates/repo/commits_table.tmpl index bd3777b46e..4c8141ab17 100644 --- a/templates/repo/commits_table.tmpl +++ b/templates/repo/commits_table.tmpl @@ -32,7 +32,7 @@ {{end}} {{SubStr .Id.String 0 10}} - {{Str2html .Summary}} + {{RenderCommitMessage .Summary $.RepoLink}} {{TimeSince .Author.When $.Lang}} {{end}} diff --git a/templates/repo/diff.tmpl b/templates/repo/diff.tmpl index 225175e8d1..8045351600 100644 --- a/templates/repo/diff.tmpl +++ b/templates/repo/diff.tmpl @@ -17,7 +17,7 @@
{{.i18n.Tr "repo.diff.browse_source"}} -

{{Str2html .Commit.Message}}

+

{{RenderCommitMessage .Commit.Message $.RepoLink}}

diff --git a/templates/repo/view_list.tmpl b/templates/repo/view_list.tmpl index fed91effa7..7bb9ffef7f 100644 --- a/templates/repo/view_list.tmpl +++ b/templates/repo/view_list.tmpl @@ -53,7 +53,7 @@ {{SubStr $commit.Id.String 0 10}} - {{Str2html $commit.Summary}} + {{RenderCommitMessage $commit.Summary $.RepoLink}} {{TimeSince $commit.Committer.When $.Lang}}