mirror of
https://github.com/go-gitea/gitea
synced 2025-01-22 07:34:26 +00:00
Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs (#18472)
* Don't panic & allow shorter sha1 - Don't panic when the full regex isn't matched and allow the usage of a shorter sha1 being used. - Resolves #18471 * Update modules/markup/html.go Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
parent
b2250d2fb3
commit
72256c16a8
@ -55,7 +55,7 @@ var (
|
|||||||
anySHA1Pattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(/[-+~_%.a-zA-Z0-9/]+)?(#[-+~_%.a-zA-Z0-9]+)?`)
|
anySHA1Pattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(/[-+~_%.a-zA-Z0-9/]+)?(#[-+~_%.a-zA-Z0-9]+)?`)
|
||||||
|
|
||||||
// comparePattern matches "http://domain/org/repo/compare/COMMIT1...COMMIT2#hash"
|
// comparePattern matches "http://domain/org/repo/compare/COMMIT1...COMMIT2#hash"
|
||||||
comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(\.\.\.?)([0-9a-f]{40})?(#[-+~_%.a-zA-Z0-9]+)?`)
|
comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{7,40})(\.\.\.?)([0-9a-f]{7,40})?(#[-+~_%.a-zA-Z0-9]+)?`)
|
||||||
|
|
||||||
validLinksPattern = regexp.MustCompile(`^[a-z][\w-]+://`)
|
validLinksPattern = regexp.MustCompile(`^[a-z][\w-]+://`)
|
||||||
|
|
||||||
@ -946,6 +946,13 @@ func comparePatternProcessor(ctx *RenderContext, node *html.Node) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Ensure that every group (m[0]...m[7]) has a match
|
||||||
|
for i := 0; i < 8; i++ {
|
||||||
|
if m[i] == -1 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
urlFull := node.Data[m[0]:m[1]]
|
urlFull := node.Data[m[0]:m[1]]
|
||||||
text1 := base.ShortSha(node.Data[m[2]:m[3]])
|
text1 := base.ShortSha(node.Data[m[2]:m[3]])
|
||||||
textDots := base.ShortSha(node.Data[m[4]:m[5]])
|
textDots := base.ShortSha(node.Data[m[4]:m[5]])
|
||||||
|
@ -548,3 +548,16 @@ func TestFuzz(t *testing.T) {
|
|||||||
|
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIssue18471(t *testing.T) {
|
||||||
|
data := `http://domain/org/repo/compare/783b039...da951ce`
|
||||||
|
|
||||||
|
var res strings.Builder
|
||||||
|
err := PostProcess(&RenderContext{
|
||||||
|
URLPrefix: "https://example.com",
|
||||||
|
Metas: localMetas,
|
||||||
|
}, strings.NewReader(data), &res)
|
||||||
|
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, res.String(), "<a href=\"http://domain/org/repo/compare/783b039...da951ce\" class=\"compare\"><code class=\"nohighlight\">783b039...da951ce</code></a>")
|
||||||
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user