fix topic special tags #4031
fix topic special tags #4031
Conversation
lunny
added
type/bug
topic/security
Codecov Report
@@ Coverage Diff @@
## master #4031 +/- ##
=========================================
Coverage ? 19.97%
=========================================
Files ? 153
Lines ? 30484
Branches ? 0
=========================================
Hits ? 6090
Misses ? 23480
Partials ? 914
Continue to review full report at Codecov.
|
bkcsoft
added
the
lgtm/need 2
|
If I add the topic If I try to remove the same topic which I added before your PR will result in not removing it. |
|
I think for topics we need to add restrictions on the used symbols like GitHub topics and StackOverflow tags. Rules:
|
bkcsoft
added
lgtm/need 1
| @@ -113,7 +118,8 @@ func SaveTopics(repoID int64, topicNames ...string) error { | |||
|
|
|||
| var addedTopicNames []string | |||
| for _, topicName := range topicNames { | |||
| if strings.TrimSpace(topicName) == "" { | |||
| topicName = validTopic(topicName) | |||
| if topicName == "" { | |||
There was a problem hiding this comment.
if topicName = validTopic(topicName); len(topicName) == 0 {| @@ -133,6 +139,11 @@ func SaveTopics(repoID int64, topicNames ...string) error { | |||
| for _, t := range topics { | |||
| var found bool | |||
| for _, topicName := range topicNames { | |||
| topicName = validTopic(topicName) | |||
| if topicName == "" { | |||
| @@ -2301,12 +2301,23 @@ function initNavbarContentToggle() { | |||
| }); | |||
| } | |||
|
|
|||
| function pasteFilter(e) { | |||
There was a problem hiding this comment.
What does this magical function do? Mind adding that to a comment above the function? :)
There was a problem hiding this comment.
It replaces all tags (substrings on the form <...>) with a space, " " when a user pastes, but I agree there should be a comment.
|
@techknowlogick I cannot follow you because the security issue is not resolved as I stated in a previous comment. If you think that this will resolve the problem, let me know it! Edit: It actually resolves the security problem but introduces a bug as I mentioned in the previous comment. |
|
@JonasFranzDEV yes. I give LG-TM because bug happens when a user has the
|
|
@JonasFranzDEV what if in the |
|
@techknowlogick, I'm working on the full solution with front/back validation. And I also found repo topics duplication bug. I'll try to finish this on the weekend. |
Signed-off-by: Alexey Terentyev <[email protected]>
|
closed by #4258 |
* Added topics validation, fixed repo topics duplication (#4031) Signed-off-by: Alexey Terentyev <[email protected]> * Added tests Signed-off-by: Alexey Terentyev <[email protected]> * Fixed fmt Signed-off-by: Alexey Terentyev <[email protected]> * Added comments to exported functions Signed-off-by: Alexey Terentyev <[email protected]> * Deleted RemoveDuplicateTopics function Signed-off-by: Alexey Terentyev <[email protected]> * Fixed messages Signed-off-by: Alexey Terentyev <[email protected]> * Added migration Signed-off-by: Alexey Terentyev <[email protected]> * fmt migration file Signed-off-by: Alexey Terentyev <[email protected]> * fixed lint Signed-off-by: Alexey Terentyev <[email protected]> * Added Copyright Signed-off-by: Alexey Terentyev <[email protected]> * Added query solution for duplicates Signed-off-by: Alexey Terentyev <[email protected]> * Fixed migration query Signed-off-by: Alexey Terentyev <[email protected]> * Changed RegExp. Fixed migration Signed-off-by: Alexey Terentyev <[email protected]> * fmt migration file Signed-off-by: Alexey Terentyev <[email protected]> * Fixed test for changed regexp Signed-off-by: Alexey Terentyev <[email protected]> * Removed validation log messages Signed-off-by: Alexey Terentyev <[email protected]> * Renamed migration file Signed-off-by: Alexey Terentyev <[email protected]> * Renamed validate function Signed-off-by: Alexey Terentyev <[email protected]>
This will filter special tags on topics.