Make project names match [A-Za-z0-9._-]+

Project names in URLs are now case-insensitive --
This might break existing projects.

Also prohibits use of '.git' and '.hg' as project names.
master 0.13.7
Sol Fisher Romanoff 1 year ago committed by Drew DeVault
parent 9add0bfac7
commit 1426569187
  1. 8
      hubsrht/blueprints/projects.py
  2. 3
      hubsrht/projects.py

@ -175,12 +175,14 @@ def create_POST():
visibility = valid.require("visibility", cls=Visibility)
valid.expect(not name or len(name) < 128,
"Name must be fewer than 128 characters", field="name")
valid.expect(not name or re.match(r'^[A-Za-z._-][A-Za-z0-9._-]*$', name),
"Name must match [A-Za-z._-][A-Za-z0-9._-]*", field="name")
valid.expect(not name or re.match(r'^[A-Za-z0-9._-]+$', name),
"Name must match [A-Za-z0-9._-]+", field="name")
valid.expect(not name or name not in [".", ".."],
"Name cannot be '.' or '..'", field="name")
valid.expect(not name or name not in [".git", ".hg"],
"Name must not be '.git' or '.hg'", field="name")
valid.expect(not name or Project.query
.filter(Project.name == name)
.filter(Project.name.ilike(name.replace('_', '\\_')))
.filter(Project.owner_id == current_user.id).count() == 0,
"Name must be unique among your projects", field="name")
valid.expect(not description or len(description) < 512,

@ -13,7 +13,8 @@ def get_project(owner, project_name, access, user=current_user):
project = (Project.query
.join(User, Project.owner_id == User.id)
.filter(User.username == owner)
.filter(Project.name == project_name)).one_or_none()
.filter(Project.name.ilike(project_name.replace('_', '\\_')))
).one_or_none()
if not project:
abort(404)
if user != None and user.id == project.owner_id:

Loading…
Cancel
Save