mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-10-15 19:42:04 +00:00
forgejo/routers/web/repo
0ko 5ac2c0a2ba fix(ui): multiple fixes of sync fork UI (#7740)
Followup to https://codeberg.org/forgejo/forgejo/pulls/2364
Replaces https://codeberg.org/forgejo/forgejo/pulls/7666

Fix multiple issues with the original implementation:
* `SyncFork` web handler used `{branch}` as a parameter, so it failed for branches with `/` in names
    * Originally I switched it to use `*` like other branch web handlers, but I found that it was easier to move it out from URL to POST request values
* Security: `SyncFork` web handler was using GET method, so just visiting the link was enough to execute the action
    * It was switched to POST done via form with CSRF, which also allowed to put branch name in its values
* Security: in template, branch name was not escaped but rendered with `SafeHTML`, allowing for rendering fun characters like `&` and for script execution. Also the link was not escaped correctly and would be leading to 404
    * To avoid having to change all translations, only the branch name+link part was changed and is now escaped with `HTMLFormat` before being passed to TrN

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7740
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-05-02 14:25:05 +00:00
actions Actions Done Notification (#7491) 2025-04-24 15:15:24 +00:00
badges chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
flags chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
setting feat: move StopTask, CancelPreviousJobs and CleanRepoScheduleTasks to services/actions 2025-04-10 08:38:27 +02:00
action_aggregator_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
activity.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
attachment.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
blame.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
branch.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
card.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
cherry_pick.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
code_frequency.go Hide activity contributors, recent commits and code frequrency left tabs if there is no code permission (#34053) 2025-04-01 02:28:02 +02:00
commit.go chore: simplify GetDiff (#7682) 2025-04-27 19:49:59 +00:00
compare.go chore: simplify GetDiff (#7682) 2025-04-27 19:49:59 +00:00
contributors.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
download.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
editor.go fix(i18n): fix several usages of i18n (#7422) 2025-04-02 14:50:02 +00:00
editor_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
find.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
githttp.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
githttp_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
helper.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
helper_test.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
issue.go feat(activitiypub): enable HTTP signatures on all ActivityPub endpoints (#7035) 2025-04-03 15:24:15 +00:00
issue_content_history.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
issue_dependency.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
issue_label.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
issue_label_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
issue_lock.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
issue_pin.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
issue_stopwatch.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
issue_timetrack.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
issue_watch.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
main_test.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
middlewares.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
migrate.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
milestone.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
packages.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
patch.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
projects.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
projects_test.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
pull.go chore: simplify GetDiff (#7682) 2025-04-27 19:49:59 +00:00
pull_review.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00
pull_review_test.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
recent_commits.go Hide activity contributors, recent commits and code frequrency left tabs if there is no code permission (#34053) 2025-04-01 02:28:02 +02:00
release.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
release_test.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
render.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
repo.go fix(ui): multiple fixes of sync fork UI (#7740) 2025-05-02 14:25:05 +00:00
search.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
topic.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
treelist.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
view.go fix(ui): multiple fixes of sync fork UI (#7740) 2025-05-02 14:25:05 +00:00
view_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
wiki.go chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
wiki_test.go Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) 2025-03-28 22:22:21 +00:00