authorayb <ayb@3hg.fr>2021-06-26 00:38:27 +0200
committerGitHub <noreply@github.com>2021-06-26 00:38:27 +0200
commit9b33d18899b7e825e4754969ffcc9d7b541d2d28 (patch)
tree0e6a0ea1f7062b18cdaa426b3d2eb42d9ca7ac2a /modules
parentFuzzer finds an NPE due to incorrect URLPrefix (#16249) (diff)
Added support for gopher URLs. (#14749)
* Added support for gopher URLs. * Add setting and make this user settable instead Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules')
-rw-r--r--modules/setting/service.go12
-rw-r--r--modules/validation/binding.go19
-rw-r--r--modules/validation/helpers.go19
3 files changed, 50 insertions, 0 deletions
diff --git a/modules/setting/service.go b/modules/setting/service.go
index 41e834e8e6..bd70c7e6eb 100644
--- a/modules/setting/service.go
+++ b/modules/setting/service.go
@@ -6,6 +6,7 @@ package setting
import (
"regexp"
+ "strings"
"time"
"code.gitea.io/gitea/modules/log"
@@ -55,6 +56,7 @@ var Service struct {
AutoWatchOnChanges bool
DefaultOrgMemberVisible bool
UserDeleteWithCommentsMaxTime time.Duration
+ ValidSiteURLSchemes []string
// OpenID settings
EnableOpenIDSignIn bool
@@ -120,6 +122,16 @@ func newService() {
Service.DefaultOrgVisibilityMode = structs.VisibilityModes[Service.DefaultOrgVisibility]
Service.DefaultOrgMemberVisible = sec.Key("DEFAULT_ORG_MEMBER_VISIBLE").MustBool()
Service.UserDeleteWithCommentsMaxTime = sec.Key("USER_DELETE_WITH_COMMENTS_MAX_TIME").MustDuration(0)
+ sec.Key("VALID_SITE_URL_SCHEMES").MustString("http,https")
+ Service.ValidSiteURLSchemes = sec.Key("VALID_SITE_URL_SCHEMES").Strings(",")
+ schemes := make([]string, len(Service.ValidSiteURLSchemes))
+ for _, scheme := range Service.ValidSiteURLSchemes {
+ scheme = strings.ToLower(strings.TrimSpace(scheme))
+ if scheme != "" {
+ schemes = append(schemes, scheme)
+ }
+ }
+ Service.ValidSiteURLSchemes = schemes
if err := Cfg.Section("service.explore").MapTo(&Service.Explore); err != nil {
log.Fatal("Failed to map service.explore settings: %v", err)
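Review bot: `make([]string, len(Service.ValidSiteURLSchemes))` creates the slice already filled with that many empty strings, and the loop then appends after them, so the stored list starts with `""` entries. That defeats the `scheme != ""` filter in the loop, and any check that compares a parsed URL's scheme against this list will accept a value that has no scheme at all. Allocate with zero length and the same capacity instead: `schemes := make([]string, 0, len(Service.ValidSiteURLSchemes))`. newService starts and ends outside this hunk.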
diff --git a/modules/validation/binding.go b/modules/validation/binding.go
index 4cef48daf3..5d5c64611f 100644
--- a/modules/validation/binding.go
+++ b/modules/validation/binding.go
@@ -55,6 +55,7 @@ func CheckGitRefAdditionalRulesValid(name string) bool {
func AddBindingRules() {
addGitRefNameBindingRule()
addValidURLBindingRule()
+ addValidSiteURLBindingRule()
addGlobPatternRule()
addRegexPatternRule()
addGlobOrRegexPatternRule()
@@ -102,6 +103,24 @@ func addValidURLBindingRule() {
})
}
+func addValidSiteURLBindingRule() {
+ // URL validation rule
+ binding.AddRule(&binding.Rule{
+ IsMatch: func(rule string) bool {
+ return strings.HasPrefix(rule, "ValidSiteUrl")
+ },
+ IsValid: func(errs binding.Errors, name string, val interface{}) (bool, binding.Errors) {
+ str := fmt.Sprintf("%v", val)
+ if len(str) != 0 && !IsValidSiteURL(str) {
+ errs.Add([]string{name}, binding.ERR_URL, "Url")
+ return false, errs
+ }
+
+ return true, errs
+ },
+ })
+}
+
func addGlobPatternRule() {
binding.AddRule(&binding.Rule{
IsMatch: func(rule string) bool {
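Review bot: The comment `// URL validation rule` in addValidSiteURLBindingRule is copied from the generic URL rule and does not say how this rule differs. A function comment such as `// addValidSiteURLBindingRule registers the "ValidSiteUrl" rule: empty values pass, anything else must satisfy IsValidSiteURL` would make the contract clear to form authors. It is also worth noting there that `fmt.Sprintf("%v", val)` stringifies whatever type the form field has, so the rule is presumably only meaningful on string fields.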
diff --git a/modules/validation/helpers.go b/modules/validation/helpers.go
index c22e667a2e..343261aac5 100644
--- a/modules/validation/helpers.go
+++ b/modules/validation/helpers.go
@@ -52,6 +52,25 @@ func IsValidURL(uri string) bool {
return true
}
+// IsValidSiteURL checks if URL is valid
+func IsValidSiteURL(uri string) bool {
+ u, err := url.ParseRequestURI(uri)
+ if err != nil {
+ return false
+ }
+
+ if !validPort(portOnly(u.Host)) {
+ return false
+ }
+
+ for _, scheme := range setting.Service.ValidSiteURLSchemes {
+ if scheme == u.Scheme {
+ return true
+ }
+ }
+ return false
+}
+
// IsAPIURL checks if URL is current Gitea instance API URL
func IsAPIURL(uri string) bool {
return strings.HasPrefix(strings.ToLower(uri), strings.ToLower(setting.AppURL+"api"))
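Review bot: Nothing in IsValidSiteURL requires a host: `url.ParseRequestURI` also accepts an absolute path (empty scheme and host) and opaque forms such as `http:foo`, and the only checks after parsing are the port and the scheme list. If a site URL is meant to point at a host, add `if u.Host == "" { return false }` before the scheme loop; whether validPort already rejects this case is not visible in the hunk. The doc comment repeats IsValidURL's and should state that the scheme must be one of `setting.Service.ValidSiteURLSchemes`, which an administrator can widen, so code that renders the value as a link should not assume http or https.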