1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-22 05:20:56 +01:00

Avoid RuntimeException passing bogus "service" parameter to Diffusion commit view

Summary:
`PhabricatorRepository::parseRepositoryServicePath()` can return `null` per https://we.phorge.it/source/phorge/browse/master/src/applications/repository/storage/PhabricatorRepository.php;123831b53fb7572cba11e9c990dcb9d247614890$635, thus make the code in `DiffusionServeController:getRequestDirectoryPath()` at least not crash when handling `null` and instead fall back to serving a "403 This repository is read-only over HTTP."

There is probably a cleaner approach which I happily leave to any future person willing to figure it out.

Closes T15944

Test Plan: Go to http://phorge.localhost/rABCD0123456789abcdef0123456789abcdef01234567?service=foo

Reviewers: O1 Blessed Committers, 20after4

Reviewed By: O1 Blessed Committers, 20after4

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15944

Differential Revision: https://we.phorge.it/D25826
This commit is contained in:
Andre Klapper 2024-10-01 17:08:56 +02:00
parent 9cd62bdcc4
commit b0bf1c689a
2 changed files with 14 additions and 1 deletions

View file

@ -492,6 +492,9 @@ final class DiffusionServeController extends DiffusionController {
return $result;
}
/**
* @return bool
*/
private function isReadOnlyRequest(
PhabricatorRepository $repository) {
$request = $this->getRequest();
@ -652,6 +655,9 @@ final class DiffusionServeController extends DiffusionController {
return id(new DiffusionGitResponse())->setGitData($stdout);
}
/**
* @return string
*/
private function getRequestDirectoryPath(PhabricatorRepository $repository) {
$request = $this->getRequest();
$request_path = $request->getRequestURI()->getPath();
@ -659,7 +665,11 @@ final class DiffusionServeController extends DiffusionController {
$info = PhabricatorRepository::parseRepositoryServicePath(
$request_path,
$repository->getVersionControlSystem());
$base_path = $info['path'];
if ($info) {
$base_path = $info['path'];
} else {
$base_path = '';
}
// For Git repositories, strip an optional directory component if it
// isn't the name of a known Git resource. This allows users to clone

View file

@ -604,6 +604,9 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
return "/R{$id}:{$identifier}";
}
/**
* @return array|null
*/
public static function parseRepositoryServicePath($request_path, $vcs) {
$is_git = ($vcs == PhabricatorRepositoryType::REPOSITORY_TYPE_GIT);