1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-20 20:40:56 +01:00

Reject SCP-style URIs with explicit protocols in Diffusion

Summary:
Fixes T3619. These URIs are valid:

  git@domain.com:/path        (Git SCP-style implicit SSH)
  ssh://git@domain.com/path   (Explicit SSH)

This URI, arrived at by adding "ssh://" to the front of an SCP-style URI, is not:

  ssh://git@domain.com:/path

Detect URIs in this form and reject them. See T3619.

Test Plan:
{F75486}

Also set some valid URIs.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3619

Differential Revision: https://secure.phabricator.com/D7431
This commit is contained in:
epriestley 2013-10-26 22:32:13 -07:00
parent 59922b78b9
commit c749fcc192
2 changed files with 15 additions and 2 deletions

View file

@ -1642,7 +1642,6 @@ phutil_register_library_map(array(
'PhabricatorRepositoryController' => 'applications/repository/controller/PhabricatorRepositoryController.php',
'PhabricatorRepositoryDAO' => 'applications/repository/storage/PhabricatorRepositoryDAO.php',
'PhabricatorRepositoryDiscoveryEngine' => 'applications/repository/engine/PhabricatorRepositoryDiscoveryEngine.php',
'PhabricatorRepositoryEditController' => 'applications/repository/controller/PhabricatorRepositoryEditController.php',
'PhabricatorRepositoryEditor' => 'applications/repository/editor/PhabricatorRepositoryEditor.php',
'PhabricatorRepositoryEngine' => 'applications/repository/engine/PhabricatorRepositoryEngine.php',
'PhabricatorRepositoryGitCommitChangeParserWorker' => 'applications/repository/worker/commitchangeparser/PhabricatorRepositoryGitCommitChangeParserWorker.php',
@ -3981,7 +3980,6 @@ phutil_register_library_map(array(
'PhabricatorRepositoryController' => 'PhabricatorController',
'PhabricatorRepositoryDAO' => 'PhabricatorLiskDAO',
'PhabricatorRepositoryDiscoveryEngine' => 'PhabricatorRepositoryEngine',
'PhabricatorRepositoryEditController' => 'PhabricatorRepositoryController',
'PhabricatorRepositoryEditor' => 'PhabricatorApplicationTransactionEditor',
'PhabricatorRepositoryGitCommitChangeParserWorker' => 'PhabricatorRepositoryCommitChangeParserWorker',
'PhabricatorRepositoryGitCommitMessageParserWorker' => 'PhabricatorRepositoryCommitMessageParserWorker',

View file

@ -457,6 +457,21 @@ final class DiffusionRepositoryCreateController
}
}
// Catch confusion between Git/SCP-style URIs and normal URIs. See T3619
// for discussion. This is usually a user adding "ssh://" to an implicit
// SSH Git URI.
if ($proto == 'ssh') {
if (preg_match('(^[^:@]+://[^/:]+:[^\d])', $v_remote)) {
$c_remote->setError(pht('Invalid'));
$page->addPageError(
pht(
"The Remote URI is not formatted correctly. Remote URIs ".
"with an explicit protocol should be in the form ".
"'proto://domain/path', not 'proto://domain:/path'. ".
"The ':/path' syntax is only valid in SCP-style URIs."));
}
}
switch ($proto) {
case 'ssh':
case 'http':