domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Improve URL validation for external wiki and external issues (#4710)

Browse source 
* Improve URL validation for external wiki  and external issues

* Do not allow also localhost address for external URLs
This commit is contained in:
Lauris BH 2018-08-15 09:29:37 +03:00 committed by GitHub
parent 0449330dbc
commit 92466129ec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 180 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules/validation/binding.go
View file

@ -6,7 +6,6 @@ package validation
import (
"fmt"
"net/url"
"regexp"
"strings"
@ -70,13 +69,9 @@ func addValidURLBindingRule() {
},
IsValid: func(errs binding.Errors, name string, val interface{}) (bool, binding.Errors) {
str := fmt.Sprintf("%v", val)
if len(str) != 0 {
if u, err := url.ParseRequestURI(str); err != nil ||
(u.Scheme != "http" && u.Scheme != "https") ||
!validPort(portOnly(u.Host)) {
errs.Add([]string{name}, binding.ERR_URL, "Url")
return false, errs
}
if len(str) != 0 && !IsValidURL(str) {
errs.Add([]string{name}, binding.ERR_URL, "Url")
return false, errs
}
return true, errs