1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-21 22:32:41 +01:00

Avoid RuntimeException passing bogus "service" parameter to Diffusion commit view

Summary:
`PhabricatorRepository::parseRepositoryServicePath()` can return `null` per https://we.phorge.it/source/phorge/browse/master/src/applications/repository/storage/PhabricatorRepository.php;123831b53fb7572cba11e9c990dcb9d247614890$635, thus make the code in `DiffusionServeController:getRequestDirectoryPath()` at least not crash when handling `null` and instead fall back to serving a "403 This repository is read-only over HTTP."

There is probably a cleaner approach which I happily leave to any future person willing to figure it out.

Closes T15944

Test Plan: Go to http://phorge.localhost/rABCD0123456789abcdef0123456789abcdef01234567?service=foo

Reviewers: O1 Blessed Committers, 20after4

Reviewed By: O1 Blessed Committers, 20after4

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15944

Differential Revision: https://we.phorge.it/D25826
This commit is contained in:
Andre Klapper 2024-10-01 17:08:56 +02:00
parent 9cd62bdcc4
commit b0bf1c689a
2 changed files with 14 additions and 1 deletions

View file

@ -492,6 +492,9 @@ final class DiffusionServeController extends DiffusionController {
return $result; return $result;
} }
/**
* @return bool
*/
private function isReadOnlyRequest( private function isReadOnlyRequest(
PhabricatorRepository $repository) { PhabricatorRepository $repository) {
$request = $this->getRequest(); $request = $this->getRequest();
@ -652,6 +655,9 @@ final class DiffusionServeController extends DiffusionController {
return id(new DiffusionGitResponse())->setGitData($stdout); return id(new DiffusionGitResponse())->setGitData($stdout);
} }
/**
* @return string
*/
private function getRequestDirectoryPath(PhabricatorRepository $repository) { private function getRequestDirectoryPath(PhabricatorRepository $repository) {
$request = $this->getRequest(); $request = $this->getRequest();
$request_path = $request->getRequestURI()->getPath(); $request_path = $request->getRequestURI()->getPath();
@ -659,7 +665,11 @@ final class DiffusionServeController extends DiffusionController {
$info = PhabricatorRepository::parseRepositoryServicePath( $info = PhabricatorRepository::parseRepositoryServicePath(
$request_path, $request_path,
$repository->getVersionControlSystem()); $repository->getVersionControlSystem());
if ($info) {
$base_path = $info['path']; $base_path = $info['path'];
} else {
$base_path = '';
}
// For Git repositories, strip an optional directory component if it // For Git repositories, strip an optional directory component if it
// isn't the name of a known Git resource. This allows users to clone // isn't the name of a known Git resource. This allows users to clone

View file

@ -604,6 +604,9 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
return "/R{$id}:{$identifier}"; return "/R{$id}:{$identifier}";
} }
/**
* @return array|null
*/
public static function parseRepositoryServicePath($request_path, $vcs) { public static function parseRepositoryServicePath($request_path, $vcs) {
$is_git = ($vcs == PhabricatorRepositoryType::REPOSITORY_TYPE_GIT); $is_git = ($vcs == PhabricatorRepositoryType::REPOSITORY_TYPE_GIT);