From dca8ef940726a6b7116a617091913d855b477724 Mon Sep 17 00:00:00 2001 From: zeripath Date: Sun, 19 Apr 2020 16:40:40 +0100 Subject: [PATCH] Prevent clones and pushes to disabled wiki (#11131) (#11134) Backport #11131 Signed-off-by: Andrew Thornton --- routers/private/serv.go | 21 ++++++++++++++++++++- routers/repo/http.go | 13 +++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/routers/private/serv.go b/routers/private/serv.go index 91c28143eeea..d5b5fcc8f7e7 100644 --- a/routers/private/serv.go +++ b/routers/private/serv.go @@ -329,8 +329,27 @@ func ServCommand(ctx *macaron.Context) { results.RepoID = repo.ID } - // Finally if we're trying to touch the wiki we should init it if results.IsWiki { + // Ensure the wiki is enabled before we allow access to it + if _, err := repo.GetUnit(models.UnitTypeWiki); err != nil { + if models.IsErrUnitTypeNotExist(err) { + ctx.JSON(http.StatusForbidden, map[string]interface{}{ + "results": results, + "type": "ErrForbidden", + "err": "repository wiki is disabled", + }) + return + } + log.Error("Failed to get the wiki unit in %-v Error: %v", repo, err) + ctx.JSON(http.StatusInternalServerError, map[string]interface{}{ + "results": results, + "type": "InternalServerError", + "err": fmt.Sprintf("Failed to get the wiki unit in %s/%s Error: %v", ownerName, repoName, err), + }) + return + } + + // Finally if we're trying to touch the wiki we should init it if err = wiki_service.InitWiki(repo); err != nil { log.Error("Failed to initialize the wiki in %-v Error: %v", repo, err) ctx.JSON(http.StatusInternalServerError, map[string]interface{}{ diff --git a/routers/repo/http.go b/routers/repo/http.go index d0a2b289b710..9c0834e5c3fa 100644 --- a/routers/repo/http.go +++ b/routers/repo/http.go @@ -313,6 +313,19 @@ func HTTP(ctx *context.Context) { } } + if isWiki { + // Ensure the wiki is enabled before we allow access to it + if _, err := repo.GetUnit(models.UnitTypeWiki); err != nil { + if models.IsErrUnitTypeNotExist(err) { + ctx.HandleText(http.StatusForbidden, "repository wiki is disabled") + return + } + log.Error("Failed to get the wiki unit in %-v Error: %v", repo, err) + ctx.ServerError("GetUnit(UnitTypeWiki) for "+repo.FullName(), err) + return + } + } + environ = append(environ, models.ProtectedBranchRepoID+fmt.Sprintf("=%d", repo.ID)) w := ctx.Resp