1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-07 05:11:05 +01:00
phorge-phorge/resources/sql/autopatches/20160110.repo.02.slug.php
epriestley 0b3d10c3da Enforce sensible, unique clone/checkout names for repositories
Summary:
Fixes T7938.

  - Primarily, users can currently shoot themselves in the foot by putting `../../etc/passwd` and other similar nonsense in these fields (this is not dangerous, but also does not work). Require sensible names.
  - Enforce uniqueness so these names can be used in URIs and as identifiers in the future.
  - (This doesn't start actually using them for anything fancy yet.)

Test Plan:
  - Gave several repositories clone names: a valid name, two duplicate names, an invalid, name, some with no names.
  - Ran migrations.
  - Got clean conversion for valid names, appropriate errors for invalid/duplicate names.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7938

Differential Revision: https://secure.phabricator.com/D14986
2016-01-11 02:06:44 -08:00

49 lines
1.2 KiB
PHP

<?php
$table = new PhabricatorRepository();
$conn_w = $table->establishConnection('w');
foreach (new LiskMigrationIterator($table) as $repository) {
$slug = $repository->getRepositorySlug();
if ($slug !== null) {
continue;
}
$clone_name = $repository->getDetail('clone-name');
if (!strlen($clone_name)) {
continue;
}
if (!PhabricatorRepository::isValidRepositorySlug($clone_name)) {
echo tsprintf(
"%s\n",
pht(
'Repository "%s" has a "Clone/Checkout As" name which is no longer '.
'valid ("%s"). You can edit the repository to give it a new, valid '.
'short name.',
$repository->getDisplayName(),
$clone_name));
continue;
}
try {
queryfx(
$conn_w,
'UPDATE %T SET repositorySlug = %s WHERE id = %d',
$table->getTableName(),
$clone_name,
$repository->getID());
} catch (AphrontDuplicateKeyQueryException $ex) {
echo tsprintf(
"%s\n",
pht(
'Repository "%s" has a duplicate "Clone/Checkout As" name ("%s"). '.
'Each name must now be unique. You can edit the repository to give '.
'it a new, unique short name.',
$repository->getDisplayName(),
$clone_name));
}
}