1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-21 16:55:06 -05:00

Cap max size of federated repo list at 2048 bytes

This commit is contained in:
erik 2024-03-21 12:18:29 +01:00
parent 6055b4fca0
commit f327c0da24
2 changed files with 10 additions and 1 deletions

View file

@ -157,6 +157,10 @@ func IsValidFederatedRepoURLList(urls string) bool {
return true
}
func IsOfValidLength(str string) bool {
return len(str) <= 2048
}
var (
validUsernamePatternWithDots = regexp.MustCompile(`^[\da-zA-Z][-.\w]*$`)
validUsernamePatternWithoutDots = regexp.MustCompile(`^[\da-zA-Z][-\w]*$`)

View file

@ -197,6 +197,11 @@ func SettingsPost(ctx *context.Context) {
case form.FederationRepos == "":
repo.FederationRepos = ""
// Validate
case !validation.IsOfValidLength(form.FederationRepos): // ToDo: Use for public testing only. In production we might need longer strings.
ctx.Data["ERR_FederationRepos"] = true
ctx.Flash.Error("The given string was larger than 2048 bytes")
ctx.Redirect(repo.Link() + "/settings")
return
case validation.IsValidFederatedRepoURL(form.FederationRepos):
repo.FederationRepos = form.FederationRepos
default:
@ -205,7 +210,7 @@ func SettingsPost(ctx *context.Context) {
ctx.Redirect(repo.Link() + "/settings")
return
}
// ToDo: Validate for max length before committing to db
if err := repo_service.UpdateRepository(ctx, repo, false); err != nil {
ctx.ServerError("UpdateRepository", err)
return