Make project names match [A-Za-z0-9._-]+

Project names in URLs are now case-insensitive --
This might break existing projects.

Also prohibits use of '.git' and '.hg' as project names.
This commit is contained in:
Sol Fisher Romanoff 2021-08-08 19:03:52 +03:00 committed by Drew DeVault
parent 9add0bfac7
commit 1426569187
2 changed files with 7 additions and 4 deletions

View File

@ -175,12 +175,14 @@ def create_POST():
visibility = valid.require("visibility", cls=Visibility) visibility = valid.require("visibility", cls=Visibility)
valid.expect(not name or len(name) < 128, valid.expect(not name or len(name) < 128,
"Name must be fewer than 128 characters", field="name") "Name must be fewer than 128 characters", field="name")
valid.expect(not name or re.match(r'^[A-Za-z._-][A-Za-z0-9._-]*$', name), valid.expect(not name or re.match(r'^[A-Za-z0-9._-]+$', name),
"Name must match [A-Za-z._-][A-Za-z0-9._-]*", field="name") "Name must match [A-Za-z0-9._-]+", field="name")
valid.expect(not name or name not in [".", ".."], valid.expect(not name or name not in [".", ".."],
"Name cannot be '.' or '..'", field="name") "Name cannot be '.' or '..'", field="name")
valid.expect(not name or name not in [".git", ".hg"],
"Name must not be '.git' or '.hg'", field="name")
valid.expect(not name or Project.query valid.expect(not name or Project.query
.filter(Project.name == name) .filter(Project.name.ilike(name.replace('_', '\\_')))
.filter(Project.owner_id == current_user.id).count() == 0, .filter(Project.owner_id == current_user.id).count() == 0,
"Name must be unique among your projects", field="name") "Name must be unique among your projects", field="name")
valid.expect(not description or len(description) < 512, valid.expect(not description or len(description) < 512,

View File

@ -13,7 +13,8 @@ def get_project(owner, project_name, access, user=current_user):
project = (Project.query project = (Project.query
.join(User, Project.owner_id == User.id) .join(User, Project.owner_id == User.id)
.filter(User.username == owner) .filter(User.username == owner)
.filter(Project.name == project_name)).one_or_none() .filter(Project.name.ilike(project_name.replace('_', '\\_')))
).one_or_none()
if not project: if not project:
abort(404) abort(404)
if user != None and user.id == project.owner_id: if user != None and user.id == project.owner_id: