1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-24 08:57:03 -05:00

Cap max size of federated repo list at 2048 bytes

This commit is contained in:
erik 2024-03-21 12:18:29 +01:00
parent 6055b4fca0
commit f327c0da24
2 changed files with 10 additions and 1 deletions

View file

@ -157,6 +157,10 @@ func IsValidFederatedRepoURLList(urls string) bool {
return true return true
} }
func IsOfValidLength(str string) bool {
return len(str) <= 2048
}
var ( var (
validUsernamePatternWithDots = regexp.MustCompile(`^[\da-zA-Z][-.\w]*$`) validUsernamePatternWithDots = regexp.MustCompile(`^[\da-zA-Z][-.\w]*$`)
validUsernamePatternWithoutDots = regexp.MustCompile(`^[\da-zA-Z][-\w]*$`) validUsernamePatternWithoutDots = regexp.MustCompile(`^[\da-zA-Z][-\w]*$`)

View file

@ -197,6 +197,11 @@ func SettingsPost(ctx *context.Context) {
case form.FederationRepos == "": case form.FederationRepos == "":
repo.FederationRepos = "" repo.FederationRepos = ""
// Validate // Validate
case !validation.IsOfValidLength(form.FederationRepos): // ToDo: Use for public testing only. In production we might need longer strings.
ctx.Data["ERR_FederationRepos"] = true
ctx.Flash.Error("The given string was larger than 2048 bytes")
ctx.Redirect(repo.Link() + "/settings")
return
case validation.IsValidFederatedRepoURL(form.FederationRepos): case validation.IsValidFederatedRepoURL(form.FederationRepos):
repo.FederationRepos = form.FederationRepos repo.FederationRepos = form.FederationRepos
default: default:
@ -205,7 +210,7 @@ func SettingsPost(ctx *context.Context) {
ctx.Redirect(repo.Link() + "/settings") ctx.Redirect(repo.Link() + "/settings")
return return
} }
// ToDo: Validate for max length before committing to db
if err := repo_service.UpdateRepository(ctx, repo, false); err != nil { if err := repo_service.UpdateRepository(ctx, repo, false); err != nil {
ctx.ServerError("UpdateRepository", err) ctx.ServerError("UpdateRepository", err)
return return