Skip to content

Commit 23b43cd

Browse files
zeripathzeripath
committed
Redirect on bad paths
Signed-off-by: Andrew Thornton <[email protected]>
1 parent 6cccf32 commit 23b43cd

File tree

2 files changed

+51
-9
lines changed

2 files changed

+51
-9
lines changed

models/repo_editor.go

Lines changed: 21 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -455,33 +455,48 @@ func (repo *Repository) DeleteRepoFile(doer *User, opts DeleteRepoFileOptions) (
455455
// Do a bare shared clone into tmpBasePath and
456456
// make HEAD to point to the OldBranch tree
457457
if err := repo.bareClone(tmpBasePath, opts.OldBranch); err != nil {
458-
return fmt.Errorf("UpdateRepoFile: %s", err)
458+
return fmt.Errorf("DeleteRepoFile: %v", err)
459459
}
460460

461461
// Set the default index
462462
if err := repo.setDefaultIndex(tmpBasePath); err != nil {
463-
return fmt.Errorf("UpdateRepoFile: %v", err)
463+
return fmt.Errorf("DeleteRepoFile: %v", err)
464+
}
465+
466+
filelist, err := repo.lsFiles(tmpBasePath, opts.TreePath)
467+
if err != nil {
468+
return fmt.Errorf("DeleteRepoFile: %v", err)
469+
}
470+
471+
inFilelist := false
472+
for _, file := range filelist {
473+
if file == opts.TreePath {
474+
inFilelist = true
475+
}
476+
}
477+
if !inFilelist {
478+
return git.ErrNotExist{RelPath: opts.TreePath}
464479
}
465480

466481
if err := repo.removeFilesFromIndex(tmpBasePath, opts.TreePath); err != nil {
467-
return err
482+
return fmt.Errorf("DeleteRepoFile: %v", err)
468483
}
469484

470485
// Now write the tree
471486
treeHash, err := repo.writeTree(tmpBasePath)
472487
if err != nil {
473-
return err
488+
return fmt.Errorf("DeleteRepoFile: %v", err)
474489
}
475490

476491
// Now commit the tree
477492
commitHash, err := repo.commitTree(tmpBasePath, doer, treeHash, opts.Message)
478493
if err != nil {
479-
return err
494+
return fmt.Errorf("DeleteRepoFile: %v", err)
480495
}
481496

482497
// Then push this tree to NewBranch
483498
if err := repo.actuallyPush(tmpBasePath, doer, commitHash, opts.NewBranch); err != nil {
484-
return err
499+
return fmt.Errorf("DeleteRepoFile: %v", err)
485500
}
486501

487502
// Simulate push event.

routers/repo/editor.go

Lines changed: 30 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,16 @@ func editFile(ctx *context.Context, isNewFile bool) {
6262
ctx.Data["RequireSimpleMDE"] = true
6363
canCommit := renderCommitRights(ctx)
6464

65+
treePath := cleanUploadFileName(ctx.Repo.TreePath)
66+
if treePath != ctx.Repo.TreePath {
67+
if isNewFile {
68+
ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_new", ctx.Repo.BranchName, treePath))
69+
} else {
70+
ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_edit", ctx.Repo.BranchName, treePath))
71+
}
72+
return
73+
}
74+
6575
treeNames, treePaths := getParentTreeFields(ctx.Repo.TreePath)
6676

6777
if !isNewFile {
@@ -155,7 +165,7 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
155165

156166
oldBranchName := ctx.Repo.BranchName
157167
branchName := oldBranchName
158-
oldTreePath := ctx.Repo.TreePath
168+
oldTreePath := cleanUploadFileName(ctx.Repo.TreePath)
159169
lastCommit := form.LastCommit
160170
form.LastCommit = ctx.Repo.Commit.ID.String()
161171

@@ -328,7 +338,11 @@ func NewFilePost(ctx *context.Context, form auth.EditRepoFileForm) {
328338

329339
// DiffPreviewPost render preview diff page
330340
func DiffPreviewPost(ctx *context.Context, form auth.EditPreviewDiffForm) {
331-
treePath := ctx.Repo.TreePath
341+
treePath := cleanUploadFileName(ctx.Repo.TreePath)
342+
if len(treePath) == 0 {
343+
ctx.Error(500, "file name to diff is invalid")
344+
return
345+
}
332346

333347
entry, err := ctx.Repo.Commit.GetTreeEntryByPath(treePath)
334348
if err != nil {
@@ -358,7 +372,14 @@ func DiffPreviewPost(ctx *context.Context, form auth.EditPreviewDiffForm) {
358372
func DeleteFile(ctx *context.Context) {
359373
ctx.Data["PageIsDelete"] = true
360374
ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
361-
ctx.Data["TreePath"] = ctx.Repo.TreePath
375+
treePath := cleanUploadFileName(ctx.Repo.TreePath)
376+
377+
if treePath != ctx.Repo.TreePath {
378+
ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_delete", ctx.Repo.BranchName, treePath))
379+
return
380+
}
381+
382+
ctx.Data["TreePath"] = treePath
362383
canCommit := renderCommitRights(ctx)
363384

364385
ctx.Data["commit_summary"] = ""
@@ -453,6 +474,12 @@ func UploadFile(ctx *context.Context) {
453474
ctx.Data["PageIsUpload"] = true
454475
renderUploadSettings(ctx)
455476
canCommit := renderCommitRights(ctx)
477+
treePath := cleanUploadFileName(ctx.Repo.TreePath)
478+
if treePath != ctx.Repo.TreePath {
479+
ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_upload", ctx.Repo.BranchName, treePath))
480+
return
481+
}
482+
ctx.Repo.TreePath = treePath
456483

457484
treeNames, treePaths := getParentTreeFields(ctx.Repo.TreePath)
458485
if len(treeNames) == 0 {

0 commit comments

Comments
 (0)