1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-23 08:47:42 -05:00
forgejo/routers
Giteabot 4ffa683820
Fix panic in storageHandler (#27446) (#27478)
Backport #27446 by @sryze

storageHandler() is written as a middleware but is used as an endpoint
handler, and thus `next` is actually `nil`, which causes a null pointer
dereference when a request URL does not match the pattern (where it
calls `next.ServerHTTP()`).

Example CURL command to trigger the panic:

```
curl -I "http://yourhost/gitea//avatars/a"
```

Fixes #27409

---

Note: the diff looks big but it's actually a small change - all I did
was to remove the outer closure (and one level of indentation) ~and
removed the HTTP method and pattern checks as they seem redundant
because go-chi already does those checks~. You might want to check "Hide
whitespace" when reviewing it.

Alternative solution (a bit simpler): append `, misc.DummyOK` to the
route declarations that utilize `storageHandler()` - this makes it
return an empty response when the URL is invalid. I've tested this one
and it works too. Or maybe it would be better to return a 400 error in
that case (?)

Co-authored-by: Sergey Zolotarev <sryze@outlook.com>
2023-10-06 16:51:04 +02:00
..
api Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27162) 2023-09-21 12:14:59 +02:00
common Fix admin config page error, use tests to cover the admin config and 500 error page (#24965) 2023-05-29 15:00:21 +00:00
install Use docs.gitea.com instead of docs.gitea.io (#26769) 2023-08-28 19:58:16 +08:00
private Fix verifyCommits error when push a new branch (#26664) (#26810) 2023-08-31 15:29:55 +00:00
utils Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
web Fix panic in storageHandler (#27446) (#27478) 2023-10-06 16:51:04 +02:00
init.go Refactor path & config system (#25330) (#25416) 2023-06-22 16:27:18 +00:00