@vividtone
Created April 23, 2021 05:04
Redmine: backport r20962 to 3.4-stable
Index: app/controllers/repositories_controller.rb
===================================================================
--- app/controllers/repositories_controller.rb (リビジョン 20965)
+++ app/controllers/repositories_controller.rb (作業コピー)
@@ -299,7 +299,7 @@
render_404
end
- REV_PARAM_RE = %r{\A[a-f0-9]*\Z}i
+ REV_PARAM_RE = %r{\A[a-f0-9]*\z}i
def find_project_repository
@project = Project.find(params[:id])
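Review bot: the `\Z` to `\z` change in `REV_PARAM_RE` is correct but deserves a comment explaining why: in Ruby `\Z` also matches immediately before a trailing newline, so a value such as `"abc\n"` satisfied the old pattern, whereas `\z` matches only at the true end of the string. Note that `[a-f0-9]*` still accepts the empty string; that is harmless here because the callers in this file strip blank values to `nil` before matching, but a `+` quantifier would state the intent explicitly.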
@@ -310,14 +310,12 @@
end
(render_404; return false) unless @repository
@path = params[:path].is_a?(Array) ? params[:path].join('/') : params[:path].to_s
- @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].to_s.strip
- @rev_to = params[:rev_to]
- unless @rev.to_s.match(REV_PARAM_RE) && @rev_to.to_s.match(REV_PARAM_RE)
- if @repository.branches.blank?
- raise InvalidRevisionParam
- end
- end
+ @rev = params[:rev].to_s.strip.presence || @repository.default_branch
+ raise InvalidRevisionParam unless valid_name?(@rev)
+
+ @rev_to = params[:rev_to].to_s.strip.presence
+ raise InvalidRevisionParam unless valid_name?(@rev_to)
rescue ActiveRecord::RecordNotFound
render_404
rescue InvalidRevisionParam
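Review bot: the validation is now unconditional, which closes the logic gap in the removed lines, where `InvalidRevisionParam` was raised only when `@repository.branches` was blank and every other repository accepted an unchecked `rev`/`rev_to`. Two points in the new lines are worth a comment: `@rev` falls back to `@repository.default_branch`, and if that is `nil` the `nil` short-circuit in `valid_name?` accepts it, so a repository without a default branch reaches the action with `@rev = nil`; confirm the downstream code tolerates that as it did before. Likewise `.presence` turns a blank `rev_to` into `nil`, so the second check is effectively skipped for blank input; that is the intended behaviour, but a one-line comment would make it clear that `nil` means "not supplied" rather than "validated".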
@@ -436,4 +434,11 @@
'attachment'
end
end
+
+ def valid_name?(rev)
+ return true if rev.nil?
+ return true if rev.match(REV_PARAM_RE)
+
+ @repository ? @repository.valid_name?(rev) : true
+ end
end
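Review bot: `valid_name?` is a public instance method of a Rails controller unless it sits under a `private` section, and public controller methods are routable as actions; if the methods at the end of this file are not already private, this one should be moved below `private`. The hex fast path `return true if rev.match(REV_PARAM_RE)` means any all-hex string (a commit id) bypasses the adapter's `valid_name?`; that is reasonable for git and mercurial identifiers, but it should be stated in a comment so the two acceptance paths are visible. Finally the `@repository ? ... : true` fallback is unreachable from `find_project_repository`, which has already rendered a 404 when `@repository` is `nil`; since a `nil` repository is a precondition failure rather than a valid name, returning `false` there would fail closed for any future caller.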
Index: app/models/repository.rb
===================================================================
--- app/models/repository.rb (リビジョン 20965)
+++ app/models/repository.rb (作業コピー)
@@ -462,6 +462,10 @@
scope
end
+ def valid_name?(name)
+ scm.valid_name?(name)
+ end
+
protected
# Validates repository url based against an optional regular expression
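Review bot: `Repository#valid_name?` needs a short doc comment, because its contract is not obvious from the one-line body: it delegates to the SCM adapter, and the default in `AbstractAdapter` accepts only positive integers or digit strings, so any adapter whose revision identifiers are not numeric must override it or every non-numeric `rev` will be rejected. A line such as `# Returns true if +name+ is a valid revision identifier for this repository's SCM` above the `def` would make that visible to adapter authors.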
Index: lib/redmine/scm/adapters/abstract_adapter.rb
===================================================================
--- lib/redmine/scm/adapters/abstract_adapter.rb (リビジョン 20965)
+++ lib/redmine/scm/adapters/abstract_adapter.rb (作業コピー)
@@ -175,7 +175,16 @@
(path[-1,1] == "/") ? path[0..-2] : path
end
- private
+ def valid_name?(name)
+ return true if name.nil?
+ return true if name.is_a?(Integer) && name > 0
+ return true if name.is_a?(String) && name =~ /\A[0-9]*\z/
+
+ false
+ end
+
+ private
+
def retrieve_root_url
info = self.info
info ? info.root_url : nil
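Review bot: the default `valid_name?` accepts the empty string, because `/\A[0-9]*\z/` uses `*`; `""` is neither `nil` (handled on the first line) nor a revision. The callers in this patch strip blanks to `nil` before calling, but the adapter method can be called directly, so `/\A[0-9]+\z/` (or an explicit `return false if name.empty?`) would bring the String rule in line with the `name > 0` rule for Integers, which already rejects 0. A comment stating that this default is meant for SCMs with numeric revisions, and that other adapters are expected to override it, would also help.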
Index: lib/redmine/scm/adapters/git_adapter.rb
===================================================================
--- lib/redmine/scm/adapters/git_adapter.rb (リビジョン 20965)
+++ lib/redmine/scm/adapters/git_adapter.rb (作業コピー)
@@ -380,6 +380,18 @@
nil
end
+ def valid_name?(name)
+ return false unless name.is_a?(String)
+
+ return false if name.start_with?('-', '/', 'refs/heads/', 'refs/remotes/')
+ return false if name == 'HEAD'
+
+ git_cmd ['show-ref', '--heads', '--tags', '--quiet', '--', name]
+ true
+ rescue ScmCommandAborted
+ false
+ end
+
class Revision < Redmine::Scm::Adapters::Revision
# Returns the readable identifier
def format_identifier
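Review bot: the git check relies on two contracts that should be spelled out in comments: `git_cmd` must raise `ScmCommandAborted` on a non-zero exit, because `git show-ref --quiet` reports "no matching ref" purely through exit status 1, and the `--` separator together with the `start_with?('-')` guard is what keeps the name from ever being parsed as an option. Note also that `show-ref` matches a pattern against the trailing path components of a ref name, so a partial name such as `feature` matches `refs/heads/topic/feature`; that still proves the name is an existing ref, which is the property being checked, but it means `valid_name?` is not a full-name equality test and the method comment should say so. Finally the method-level `rescue` also swallows every other `ScmCommandAborted` cause (missing repository, `git` not on the path) and returns `false` for those; if the controller should distinguish "bad revision" from "broken repository", rescue more narrowly or log before returning.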
Index: lib/redmine/scm/adapters/mercurial_adapter.rb
===================================================================
--- lib/redmine/scm/adapters/mercurial_adapter.rb (リビジョン 20965)
+++ lib/redmine/scm/adapters/mercurial_adapter.rb (作業コピー)
@@ -281,6 +281,15 @@
Annotate.new
end
+ def valid_name?(name)
+ return false unless name.nil? || name.is_a?(String)
+
+ # Mercurials names don't need to be checked further as its CLI
+ # interface is restrictive enough to reject any invalid names on its
+ # own.
+ true
+ end
+
class Revision < Redmine::Scm::Adapters::Revision
# Returns the readable identifier
def format_identifier
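Review bot: the comment at "Mercurials names" should read "Mercurial names", and the justification it gives is an assertion rather than a documented property; it would be stronger if it named the `hg` invocation the adapter uses and why that rejects an arbitrary string. Since the git adapter rejects names that start with `-`, adding the same guard here is cheap defense in depth even if the claim about `hg`'s CLI holds, and it keeps the two adapters' contracts parallel. Also, `nil` is accepted here while the git override returns `false` for anything that is not a String; the `nil` convention should be fixed in one place, ideally the base class, and documented, so callers do not depend on which adapter they happen to hit.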
Index: .
===================================================================
--- . (リビジョン 20965)
+++ . (作業コピー)
Property changes on: .
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
/trunk:r20962 をマージしました