NotificationsYou must be signed in to change notification settings
Fork6.3k
Star52.6k

Commit47d69b7

authored

Validate hex colors when creating/editing labels (#34623)

Resolves#34618.---------Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

1 parentb38f2d3 commit47d69b7Copy full SHA for 47d69b7

File tree

9 files changed

+150

-75

lines changed

modules
- label
  - label.go
- test
  - utils.go
options/locale
- locale_en-US.ini
routers/web
- org
  - org_labels.go
- repo
  - issue_label.go
  - issue_label_test.go
- shared/label
  - label.go
templates/repo/issue/labels
- label_edit_modal.tmpl
web_src/js/features/comp
- LabelEdit.ts

9 files changed

+150

-75

lines changed

`‎modules/label/label.go‎`

Lines changed: 9 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,10 +7,10 @@ import (`
`7`	`7`	`"fmt"`
`8`	`8`	`"regexp"`
`9`	`9`	`"strings"`
`10`		`-)`
	`10`	`+"sync"`
`11`	`11`
`12`		`-// colorPattern is a regexp which can validate label color`
`13`		`-varcolorPattern=regexp.MustCompile("^#?(?:[0-9a-fA-F]{6}\|[0-9a-fA-F]{3})$")`
	`12`	`+"code.gitea.io/gitea/modules/util"`
	`13`	`+)`
`14`	`14`
`15`	`15`	`// Label represents label information loaded from template`
`16`	`16`	`typeLabelstruct {`
`@@ -21,6 +21,10 @@ type Label struct {`
`21`	`21`	ExclusiveOrderint`yaml:"exclusive_order,omitempty"`
`22`	`22`	`}`
`23`	`23`
	`24`	`+varcolorPattern=sync.OnceValue(func()*regexp.Regexp {`
	`25`	+returnregexp.MustCompile(`^#([\da-fA-F]{3}\|[\da-fA-F]{6})$`)
	`26`	`+})`
	`27`	`+`
`24`	`28`	`// NormalizeColor normalizes a color string to a 6-character hex code`
`25`	`29`	`funcNormalizeColor(colorstring) (string,error) {`
`26`	`30`	`// normalize case`
`@@ -31,8 +35,8 @@ func NormalizeColor(color string) (string, error) {`
`31`	`35`	`color="#"+color`
`32`	`36`	`}`
`33`	`37`
`34`		`-if!colorPattern.MatchString(color) {`
`35`		`-return"",fmt.Errorf("bad color code: %s",color)`
	`38`	`+if!colorPattern().MatchString(color) {`
	`39`	`+return"",util.NewInvalidArgumentErrorf("invalid color: %s",color)`
`36`	`40`	`}`
`37`	`41`
`38`	`42`	`// convert 3-character shorthand into 6-character version`

`‎modules/test/utils.go‎`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ import (`
`17`	`17`
`18`	`18`	`// RedirectURL returns the redirect URL of a http response.`
`19`	`19`	// It also works for JSONRedirect: `{"redirect": "..."}`
	`20`	`+// FIXME: it should separate the logic of checking from header and JSON body`
`20`	`21`	`funcRedirectURL(resp http.ResponseWriter)string {`
`21`	`22`	`loc:=resp.Header().Get("Location")`
`22`	`23`	`ifloc!="" {`
`@@ -34,6 +35,15 @@ func RedirectURL(resp http.ResponseWriter) string {`
`34`	`35`	`return""`
`35`	`36`	`}`
`36`	`37`
	`38`	`+funcParseJSONError(buf []byte) (retstruct {`
	`39`	+ErrorMessagestring`json:"errorMessage"`
	`40`	+RenderFormatstring`json:"renderFormat"`
	`41`	`+},`
	`42`	`+) {`
	`43`	`+_=json.Unmarshal(buf,&ret)`
	`44`	`+returnret`
	`45`	`+}`
	`46`	`+`
`37`	`47`	`funcIsNormalPageCompleted(sstring)bool {`
`38`	`48`	returnstrings.Contains(s,`<footer class="page-footer"`)&&strings.Contains(s,`</html>`)
`39`	`49`	`}`

`‎options/locale/locale_en-US.ini‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1433,7 +1433,6 @@ commitstatus.success = Success`
`1433`	`1433`	`ext_issues = Access to External Issues`
`1434`	`1434`	`ext_issues.desc = Link to an external issue tracker.`
`1435`	`1435`
`1436`		`-projects = Projects`
`1437`	`1436`	`projects.desc = Manage issues and pulls in projects.`
`1438`	`1437`	`projects.description = Description (optional)`
`1439`	`1438`	`projects.description_placeholder = Description`
`@@ -1653,6 +1652,7 @@ issues.save = Save`
`1653`	`1652`	`issues.label_title = Name`
`1654`	`1653`	`issues.label_description = Description`
`1655`	`1654`	`issues.label_color = Color`
	`1655`	`+issues.label_color_invalid = Invalid color`
`1656`	`1656`	`issues.label_exclusive = Exclusive`
`1657`	`1657`	`issues.label_archive = Archive Label`
`1658`	`1658`	`issues.label_archived_filter = Show archived labels`

`‎routers/web/org/org_labels.go‎`

Lines changed: 17 additions & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,13 +4,15 @@`
`4`	`4`	`package org`
`5`	`5`
`6`	`6`	`import (`
`7`		`-"net/http"`
	`7`	`+"errors"`
`8`	`8`
`9`	`9`	`"code.gitea.io/gitea/models/db"`
`10`	`10`	`issues_model"code.gitea.io/gitea/models/issues"`
`11`	`11`	`"code.gitea.io/gitea/modules/label"`
`12`	`12`	`repo_module"code.gitea.io/gitea/modules/repository"`
	`13`	`+"code.gitea.io/gitea/modules/util"`
`13`	`14`	`"code.gitea.io/gitea/modules/web"`
	`15`	`+shared_label"code.gitea.io/gitea/routers/web/shared/label"`
`14`	`16`	`"code.gitea.io/gitea/services/context"`
`15`	`17`	`"code.gitea.io/gitea/services/forms"`
`16`	`18`	`)`
`@@ -32,14 +34,8 @@ func RetrieveLabels(ctx *context.Context) {`
`32`	`34`
`33`	`35`	`// NewLabel create new label for organization`
`34`	`36`	`funcNewLabel(ctx*context.Context) {`
`35`		`-form:=web.GetForm(ctx).(*forms.CreateLabelForm)`
`36`		`-ctx.Data["Title"]=ctx.Tr("repo.labels")`
`37`		`-ctx.Data["PageIsLabels"]=true`
`38`		`-ctx.Data["PageIsOrgSettings"]=true`
`39`		`-`
`40`		`-ifctx.HasError() {`
`41`		`-ctx.Flash.Error(ctx.Data["ErrorMsg"].(string))`
`42`		`-ctx.Redirect(ctx.Org.OrgLink+"/settings/labels")`
	`37`	`+form:=shared_label.GetLabelEditForm(ctx)`
	`38`	`+ifctx.Written() {`
`43`	`39`	`return`
`44`	`40`	`}`
`45`	`41`
`@@ -55,20 +51,22 @@ func NewLabel(ctx *context.Context) {`
`55`	`51`	`ctx.ServerError("NewLabel",err)`
`56`	`52`	`return`
`57`	`53`	`}`
`58`		`-ctx.Redirect(ctx.Org.OrgLink+"/settings/labels")`
	`54`	`+ctx.JSONRedirect(ctx.Org.OrgLink+"/settings/labels")`
`59`	`55`	`}`
`60`	`56`
`61`	`57`	`// UpdateLabel update a label's name and color`
`62`	`58`	`funcUpdateLabel(ctx*context.Context) {`
`63`		`-form:=web.GetForm(ctx).(*forms.CreateLabelForm)`
	`59`	`+form:=shared_label.GetLabelEditForm(ctx)`
	`60`	`+ifctx.Written() {`
	`61`	`+return`
	`62`	`+}`
	`63`	`+`
`64`	`64`	`l,err:=issues_model.GetLabelInOrgByID(ctx,ctx.Org.Organization.ID,form.ID)`
`65`		`-iferr!=nil {`
`66`		`-switch {`
`67`		`-caseissues_model.IsErrOrgLabelNotExist(err):`
`68`		`-ctx.HTTPError(http.StatusNotFound)`
`69`		`-default:`
`70`		`-ctx.ServerError("UpdateLabel",err)`
`71`		`-}`
	`65`	`+iferrors.Is(err,util.ErrNotExist) {`
	`66`	`+ctx.JSONErrorNotFound()`
	`67`	`+return`
	`68`	`+}elseiferr!=nil {`
	`69`	`+ctx.ServerError("GetLabelInOrgByID",err)`
`72`	`70`	`return`
`73`	`71`	`}`
`74`	`72`
`@@ -82,7 +80,7 @@ func UpdateLabel(ctx *context.Context) {`
`82`	`80`	`ctx.ServerError("UpdateLabel",err)`
`83`	`81`	`return`
`84`	`82`	`}`
`85`		`-ctx.Redirect(ctx.Org.OrgLink+"/settings/labels")`
	`83`	`+ctx.JSONRedirect(ctx.Org.OrgLink+"/settings/labels")`
`86`	`84`	`}`
`87`	`85`
`88`	`86`	`// DeleteLabel delete a label`

`‎routers/web/repo/issue_label.go‎`

Lines changed: 18 additions & 18 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`package repo`
`5`	`5`
`6`	`6`	`import (`
	`7`	`+"errors"`
`7`	`8`	`"net/http"`
`8`	`9`
`9`	`10`	`"code.gitea.io/gitea/models/db"`
`@@ -13,7 +14,9 @@ import (`
`13`	`14`	`"code.gitea.io/gitea/modules/log"`
`14`	`15`	`repo_module"code.gitea.io/gitea/modules/repository"`
`15`	`16`	`"code.gitea.io/gitea/modules/templates"`
	`17`	`+"code.gitea.io/gitea/modules/util"`
`16`	`18`	`"code.gitea.io/gitea/modules/web"`
	`19`	`+shared_label"code.gitea.io/gitea/routers/web/shared/label"`
`17`	`20`	`"code.gitea.io/gitea/services/context"`
`18`	`21`	`"code.gitea.io/gitea/services/forms"`
`19`	`22`	`issue_service"code.gitea.io/gitea/services/issue"`
`@@ -100,13 +103,8 @@ func RetrieveLabelsForList(ctx *context.Context) {`
`100`	`103`
`101`	`104`	`// NewLabel create new label for repository`
`102`	`105`	`funcNewLabel(ctx*context.Context) {`
`103`		`-form:=web.GetForm(ctx).(*forms.CreateLabelForm)`
`104`		`-ctx.Data["Title"]=ctx.Tr("repo.labels")`
`105`		`-ctx.Data["PageIsLabels"]=true`
`106`		`-`
`107`		`-ifctx.HasError() {`
`108`		`-ctx.Flash.Error(ctx.Data["ErrorMsg"].(string))`
`109`		`-ctx.Redirect(ctx.Repo.RepoLink+"/labels")`
	`106`	`+form:=shared_label.GetLabelEditForm(ctx)`
	`107`	`+ifctx.Written() {`
`110`	`108`	`return`
`111`	`109`	`}`
`112`	`110`
`@@ -122,34 +120,36 @@ func NewLabel(ctx *context.Context) {`
`122`	`120`	`ctx.ServerError("NewLabel",err)`
`123`	`121`	`return`
`124`	`122`	`}`
`125`		`-ctx.Redirect(ctx.Repo.RepoLink+"/labels")`
	`123`	`+ctx.JSONRedirect(ctx.Repo.RepoLink+"/labels")`
`126`	`124`	`}`
`127`	`125`
`128`	`126`	`// UpdateLabel update a label's name and color`
`129`	`127`	`funcUpdateLabel(ctx*context.Context) {`
`130`		`-form:=web.GetForm(ctx).(*forms.CreateLabelForm)`
	`128`	`+form:=shared_label.GetLabelEditForm(ctx)`
	`129`	`+ifctx.Written() {`
	`130`	`+return`
	`131`	`+}`
	`132`	`+`
`131`	`133`	`l,err:=issues_model.GetLabelInRepoByID(ctx,ctx.Repo.Repository.ID,form.ID)`
`132`		`-iferr!=nil {`
`133`		`-switch {`
`134`		`-caseissues_model.IsErrRepoLabelNotExist(err):`
`135`		`-ctx.HTTPError(http.StatusNotFound)`
`136`		`-default:`
`137`		`-ctx.ServerError("UpdateLabel",err)`
`138`		`-}`
	`134`	`+iferrors.Is(err,util.ErrNotExist) {`
	`135`	`+ctx.JSONErrorNotFound()`
	`136`	`+return`
	`137`	`+}elseiferr!=nil {`
	`138`	`+ctx.ServerError("GetLabelInRepoByID",err)`
`139`	`139`	`return`
`140`	`140`	`}`
	`141`	`+`
`141`	`142`	`l.Name=form.Title`
`142`	`143`	`l.Exclusive=form.Exclusive`
`143`	`144`	`l.ExclusiveOrder=form.ExclusiveOrder`
`144`	`145`	`l.Description=form.Description`
`145`	`146`	`l.Color=form.Color`
`146`		`-`
`147`	`147`	`l.SetArchived(form.IsArchived)`
`148`	`148`	`iferr:=issues_model.UpdateLabel(ctx,l);err!=nil {`
`149`	`149`	`ctx.ServerError("UpdateLabel",err)`
`150`	`150`	`return`
`151`	`151`	`}`
`152`		`-ctx.Redirect(ctx.Repo.RepoLink+"/labels")`
	`152`	`+ctx.JSONRedirect(ctx.Repo.RepoLink+"/labels")`
`153`	`153`	`}`
`154`	`154`
`155`	`155`	`// DeleteLabel delete a label`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit47d69b7

File tree

9 files changed

9 files changed

`‎modules/label/label.go‎`

`‎modules/test/utils.go‎`

`‎options/locale/locale_en-US.ini‎`

`‎routers/web/org/org_labels.go‎`

`‎routers/web/repo/issue_label.go‎`

0 commit comments