tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-19 00:38:36 +00:00
Code Releases Activity

Fix url validation in webhook add/edit API (#34492) (#34496)

Browse Source 
Backport #34492 by @lunny

Fix #34491

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
Giteabot
2025-05-18 06:31:36 +08:00
committed by GitHub
parent 21731c1370
commit 8bf4f2cc8f
3 changed files with 112 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
routers/api/v1/utils/hook.go
View File

@@ -15,6 +15,7 @@ import (
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/validation"
webhook_module "code.gitea.io/gitea/modules/webhook"
"code.gitea.io/gitea/services/context"
webhook_service "code.gitea.io/gitea/services/webhook"
@@ -92,6 +93,10 @@ func checkCreateHookOption(ctx *context.APIContext, form *api.CreateHookOption)
ctx.APIError(http.StatusUnprocessableEntity, "Invalid content type")
return false
}
if !validation.IsValidURL(form.Config["url"]) {
ctx.APIError(http.StatusUnprocessableEntity, "Invalid url")
return false
}
return true
}
@@ -324,6 +329,10 @@ func EditRepoHook(ctx *context.APIContext, form *api.EditHookOption, hookID int6
func editHook(ctx *context.APIContext, form *api.EditHookOption, w *webhook.Webhook) bool {
if form.Config != nil {
if url, ok := form.Config["url"]; ok {
if !validation.IsValidURL(url) {
ctx.APIError(http.StatusUnprocessableEntity, "Invalid url")
return false
}
w.URL = url
}
if ct, ok := form.Config["content_type"]; ok {