Skip to content

Commit

Permalink
Prevent clones and pushes to disabled wiki (go-gitea#11131)
Browse files Browse the repository at this point in the history
Signed-off-by: Andrew Thornton <art27@cantab.net>
  • Loading branch information
zeripath committed Apr 19, 2020
1 parent cebef5c commit 9ceefeb
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 1 deletion.
21 changes: 20 additions & 1 deletion routers/private/serv.go
Original file line number Diff line number Diff line change
Expand Up @@ -329,8 +329,27 @@ func ServCommand(ctx *macaron.Context) {
results.RepoID = repo.ID
}

// Finally if we're trying to touch the wiki we should init it
if results.IsWiki {
// Ensure the wiki is enabled before we allow access to it
if _, err := repo.GetUnit(models.UnitTypeWiki); err != nil {
if models.IsErrUnitTypeNotExist(err) {
ctx.JSON(http.StatusForbidden, map[string]interface{}{
"results": results,
"type": "ErrForbidden",
"err": "repository wiki is disabled",
})
return
}
log.Error("Failed to get the wiki unit in %-v Error: %v", repo, err)
ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
"results": results,
"type": "InternalServerError",
"err": fmt.Sprintf("Failed to get the wiki unit in %s/%s Error: %v", ownerName, repoName, err),
})
return
}

// Finally if we're trying to touch the wiki we should init it
if err = wiki_service.InitWiki(repo); err != nil {
log.Error("Failed to initialize the wiki in %-v Error: %v", repo, err)
ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
Expand Down
13 changes: 13 additions & 0 deletions routers/repo/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -313,6 +313,19 @@ func HTTP(ctx *context.Context) {
}
}

if isWiki {
// Ensure the wiki is enabled before we allow access to it
if _, err := repo.GetUnit(models.UnitTypeWiki); err != nil {
if models.IsErrUnitTypeNotExist(err) {
ctx.HandleText(http.StatusForbidden, "repository wiki is disabled")
return
}
log.Error("Failed to get the wiki unit in %-v Error: %v", repo, err)
ctx.ServerError("GetUnit(UnitTypeWiki) for "+repo.FullName(), err)
return
}
}

environ = append(environ, models.ProtectedBranchRepoID+fmt.Sprintf("=%d", repo.ID))

w := ctx.Resp
Expand Down

0 comments on commit 9ceefeb

Please sign in to comment.