mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-24 08:57:03 -05:00
4ffa683820
Backport #27446 by @sryze storageHandler() is written as a middleware but is used as an endpoint handler, and thus `next` is actually `nil`, which causes a null pointer dereference when a request URL does not match the pattern (where it calls `next.ServerHTTP()`). Example CURL command to trigger the panic: ``` curl -I "http://yourhost/gitea//avatars/a" ``` Fixes #27409 --- Note: the diff looks big but it's actually a small change - all I did was to remove the outer closure (and one level of indentation) ~and removed the HTTP method and pattern checks as they seem redundant because go-chi already does those checks~. You might want to check "Hide whitespace" when reviewing it. Alternative solution (a bit simpler): append `, misc.DummyOK` to the route declarations that utilize `storageHandler()` - this makes it return an empty response when the URL is invalid. I've tested this one and it works too. Or maybe it would be better to return a 400 error in that case (?) Co-authored-by: Sergey Zolotarev <sryze@outlook.com> |
||
---|---|---|
.. | ||
admin | ||
auth | ||
devtest | ||
events | ||
explore | ||
feed | ||
healthcheck | ||
misc | ||
org | ||
repo | ||
shared | ||
user | ||
auth.go | ||
auth_windows.go | ||
base.go | ||
goget.go | ||
home.go | ||
metrics.go | ||
nodeinfo.go | ||
swagger_json.go | ||
web.go | ||
webfinger.go |