fix: make hash pattern more strict (#7775)

- Ensure that the last path is `commit/`, `tree/` or `blob/`.
- Resolves forgejo/forgejo#7767
- Follow up forgejo/forgejo#6784
- Added unit test

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7775
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
Gusted 2025-05-05 05:29:55 +00:00 committed by Earl Warren
parent 52f20da52a
commit 2a568f3b82
2 changed files with 5 additions and 1 deletions


@ -55,7 +55,7 @@ var (
shortLinkPattern = regexp.MustCompile(`\[\[(.*?)\]\](\w*)`)
// anyHashPattern splits url containing SHA into parts
anyHashPattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{7,64})(/[-+~_%.a-zA-Z0-9/]+)?(\?[-+~_%\.a-zA-Z0-9=&]+)?(#[-+~_%.a-zA-Z0-9]+)?`)
anyHashPattern = regexp.MustCompile(`https?://(?:(?:\S+/){3,4}(?:commit|tree|blob)/)([0-9a-f]{7,64})(/[-+~_%.a-zA-Z0-9/]+)?(\?[-+~_%\.a-zA-Z0-9=&]+)?(#[-+~_%.a-zA-Z0-9]+)?`)
// comparePattern matches "http://domain/org/repo/compare/COMMIT1...COMMIT2#hash"
comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{7,64})(\.\.\.?)([0-9a-f]{7,64})?(#[-+~_%.a-zA-Z0-9]+)?`)
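Review bot: In the new `anyHashPattern`, `\S` also matches `/`, so `(?:\S+/){3,4}` sets only a minimum and does not bound how many path segments precede `commit/`, `tree/` or `blob/`; a URL of any greater depth that ends in one of those segments plus 7–64 hex characters still matches. If the count is meant to describe `host/owner/repo/` with an optional sub-path, a segment-bounded form such as `(?:[^\s/]+/){3,4}` would express that. The comment above the pattern still reads "splits url containing SHA into parts" and could state the new requirement, e.g. `// anyHashPattern matches a URL whose hash directly follows commit/, tree/ or blob/ and splits it into parts`. `comparePattern` on the last context line keeps the looser `(?:\S+/){4,5}` prefix and does not require `compare/`, although its comment documents that shape, so it may deserve the same tightening. The `var (` block starts before this hunk and continues past it.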