mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-20 20:40:56 +01:00
Reject SCP-style URIs with explicit protocols in Diffusion
Summary: Fixes T3619. These URIs are valid: git@domain.com:/path (Git SCP-style implicit SSH) ssh://git@domain.com/path (Explicit SSH) This URI, arrived at by adding "ssh://" to the front of an SCP-style URI, is not: ssh://git@domain.com:/path Detect URIs in this form and reject them. See T3619. Test Plan: {F75486} Also set some valid URIs. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3619 Differential Revision: https://secure.phabricator.com/D7431
This commit is contained in:
parent
59922b78b9
commit
c749fcc192
2 changed files with 15 additions and 2 deletions
|
@ -1642,7 +1642,6 @@ phutil_register_library_map(array(
|
|||
'PhabricatorRepositoryController' => 'applications/repository/controller/PhabricatorRepositoryController.php',
|
||||
'PhabricatorRepositoryDAO' => 'applications/repository/storage/PhabricatorRepositoryDAO.php',
|
||||
'PhabricatorRepositoryDiscoveryEngine' => 'applications/repository/engine/PhabricatorRepositoryDiscoveryEngine.php',
|
||||
'PhabricatorRepositoryEditController' => 'applications/repository/controller/PhabricatorRepositoryEditController.php',
|
||||
'PhabricatorRepositoryEditor' => 'applications/repository/editor/PhabricatorRepositoryEditor.php',
|
||||
'PhabricatorRepositoryEngine' => 'applications/repository/engine/PhabricatorRepositoryEngine.php',
|
||||
'PhabricatorRepositoryGitCommitChangeParserWorker' => 'applications/repository/worker/commitchangeparser/PhabricatorRepositoryGitCommitChangeParserWorker.php',
|
||||
|
@ -3981,7 +3980,6 @@ phutil_register_library_map(array(
|
|||
'PhabricatorRepositoryController' => 'PhabricatorController',
|
||||
'PhabricatorRepositoryDAO' => 'PhabricatorLiskDAO',
|
||||
'PhabricatorRepositoryDiscoveryEngine' => 'PhabricatorRepositoryEngine',
|
||||
'PhabricatorRepositoryEditController' => 'PhabricatorRepositoryController',
|
||||
'PhabricatorRepositoryEditor' => 'PhabricatorApplicationTransactionEditor',
|
||||
'PhabricatorRepositoryGitCommitChangeParserWorker' => 'PhabricatorRepositoryCommitChangeParserWorker',
|
||||
'PhabricatorRepositoryGitCommitMessageParserWorker' => 'PhabricatorRepositoryCommitMessageParserWorker',
|
||||
|
|
|
@ -457,6 +457,21 @@ final class DiffusionRepositoryCreateController
|
|||
}
|
||||
}
|
||||
|
||||
// Catch confusion between Git/SCP-style URIs and normal URIs. See T3619
|
||||
// for discussion. This is usually a user adding "ssh://" to an implicit
|
||||
// SSH Git URI.
|
||||
if ($proto == 'ssh') {
|
||||
if (preg_match('(^[^:@]+://[^/:]+:[^\d])', $v_remote)) {
|
||||
$c_remote->setError(pht('Invalid'));
|
||||
$page->addPageError(
|
||||
pht(
|
||||
"The Remote URI is not formatted correctly. Remote URIs ".
|
||||
"with an explicit protocol should be in the form ".
|
||||
"'proto://domain/path', not 'proto://domain:/path'. ".
|
||||
"The ':/path' syntax is only valid in SCP-style URIs."));
|
||||
}
|
||||
}
|
||||
|
||||
switch ($proto) {
|
||||
case 'ssh':
|
||||
case 'http':
|
||||
|
|
Loading…
Reference in a new issue