gitea/modules
zeripath e77b76425e
Prepend refs/heads/ to issue template refs (#20461)
Fix #20456

At some point during the 1.17 cycle abbreviated refishs to issue
branches started breaking. This is likely due serious inconsistencies in
our management of refs throughout Gitea - which is a bug needing to be
addressed in a different PR. (Likely more than one)

We should try to use non-abbreviated `fullref`s as much as possible.
That is where a user has inputted a abbreviated `refish` we should add
`refs/heads/` if it is `branch` etc. I know people keep writing and
merging PRs that remove prefixes from stored content but it is just
wrong and it keeps causing problems like this. We should only remove the
prefix at the time of
presentation as the prefix is the only way of knowing umambiguously and
permanently if the `ref` is referring to a `branch`, `tag` or `commit` /
`SHA`. We need to make it so that every ref has the appropriate prefix,
and probably also need to come up with some definitely unambiguous way
of storing `SHA`s if they're used in a `ref` or `refish` field. We must
not store a potentially
ambiguous `refish` as a `ref`. (Especially when referring a `tag` -
there is no reason why users cannot create a `branch` with the same
short name as a `tag` and vice versa and any attempt to prevent this
will fail. You can even create a `branch` and a
`tag` that matches the `SHA` pattern.)

To that end in order to fix this bug, when parsing issue templates check
the provided `Ref` (here a `refish` because almost all users do not know
or understand the subtly), if it does not start with `refs/` add the
`BranchPrefix` to it. This allows people to make their templates refer
to a `tag` but not to a `SHA` directly. (I don't think that is
particularly unreasonable but if people disagree I can make the `refish`
be checked to see if it matches the `SHA` pattern.)

Next we need to handle the issue links that are already written. The
links here are created with `git.RefURL`

Here we see there is a bug introduced in #17551 whereby the provided
`ref` argument can be double-escaped so we remove the incorrect external
escape. (The escape added in #17551 is in the right place -
unfortunately I missed that the calling function was doing the wrong
thing.)

Then within `RefURL()` we check if an unprefixed `ref` (therefore
potentially a `refish`) matches the `SHA` pattern before assuming that
is actually a `commit` - otherwise is assumed to be a `branch`. This
will handle most of the problem cases excepting the very unusual cases
where someone has deliberately written a `branch` to look like a `SHA1`.

But please if something is called a `ref` or interpreted as a `ref` make
it a full-ref before storing or using it. By all means if something is a
`branch` assume the prefix is removed but always add it back in if you
are using it as a `ref`. Stop storing abbreviated `branch` names and
`tag` names - which are `refish` as a `ref`. It will keep on causing
problems like this.

Fix #20456

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-22 20:58:49 +08:00
..
activitypub Fix dashboard ignored system setting cache (#21621) 2022-11-10 14:43:53 +08:00
analyze Simplify IsVendor (#19626) 2022-05-06 10:12:30 +01:00
auth Remove legacy +build: constraint (#19582) 2022-05-02 23:22:45 +08:00
avatar Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
base Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
cache Fix dashboard ignored system setting cache (#21621) 2022-11-10 14:43:53 +08:00
charset Move go-licenses to generate and separate generate into a frontend and backend component (#21061) 2022-09-05 14:04:18 +08:00
container Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
context Prepend refs/heads/ to issue template refs (#20461) 2022-11-22 20:58:49 +08:00
convert Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
csv Go 1.19 format (#20758) 2022-08-30 21:15:45 -05:00
doctor Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
emoji Go 1.19 format (#20758) 2022-08-30 21:15:45 -05:00
eventsource Move some files into models' sub packages (#20262) 2022-08-25 10:31:57 +08:00
generate Use base32 for 2FA scratch token (#18384) 2022-01-26 12:10:10 +08:00
git Prepend refs/heads/ to issue template refs (#20461) 2022-11-22 20:58:49 +08:00
gitgraph Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
graceful Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
hcaptcha hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
highlight Show syntax lexer name in file view/blame (#21814) 2022-11-19 13:08:06 +02:00
hostmatcher Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
html Move svg html render to modules/svg (#21716) 2022-11-08 23:13:58 +08:00
httpcache Add Cache-Control header to html and api responses, add no-transform (#20432) 2022-07-23 14:38:03 +08:00
httplib refactor httplib (#18338) 2022-01-19 19:31:39 -05:00
indexer Show syntax lexer name in file view/blame (#21814) 2022-11-19 13:08:06 +02:00
issue/template Support comma-delimited string as labels in issue template (#21831) 2022-11-19 15:22:15 +00:00
json Refactor legacy unknwon/com package, improve golangci lint (#19284) 2022-04-01 16:47:50 +08:00
lfs Removed some vestigial code related to Range bounds checks (#20312) 2022-07-28 11:04:36 +08:00
log Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
markup Support comma-delimited string as labels in issue template (#21831) 2022-11-19 15:22:15 +00:00
mcaptcha Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
metrics Move some files into models' sub packages (#20262) 2022-08-25 10:31:57 +08:00
migration Replace yaml.v2 with yaml.v3 (#21832) 2022-11-21 16:36:59 +08:00
mirror Implement sync push mirror on commit (#19411) 2022-07-08 20:45:12 +01:00
nosql fix broken insecureskipverify handling in rediss connection uris (#20967) 2022-08-29 16:38:49 +02:00
notification Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
options Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
packages Replace yaml.v2 with yaml.v3 (#21832) 2022-11-21 16:36:59 +08:00
paginator Remove unnecessary misspell ignore pattern (#21475) 2022-10-18 12:52:25 -04:00
password Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
pprof Go 1.19 format (#20758) 2022-08-30 21:15:45 -05:00
private Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
process Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
proxy Return nil proxy function if proxy not enabled (#16742) 2021-08-19 16:41:20 -04:00
proxyprotocol Support Proxy protocol (#12527) 2022-08-21 19:20:43 +01:00
public Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
queue Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
recaptcha Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
references Remove unnecessary misspell ignore pattern (#21475) 2022-10-18 12:52:25 -04:00
regexplru Custom regexp external issues (#17624) 2022-06-10 13:39:53 +08:00
repository Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
secret Use CryptoRandomBytes instead of CryptoRandomString (#18439) 2022-02-04 18:03:15 +01:00
session format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
setting Allow disable RSS/Atom feed (#21622) 2022-11-21 13:14:58 +08:00
sitemap Add sitemap support (#18407) 2022-06-25 19:06:01 +02:00
ssh Support Proxy protocol (#12527) 2022-08-21 19:20:43 +01:00
storage Save files in local storage as umask (#21198) 2022-09-24 21:04:14 +08:00
structs Support comma-delimited string as labels in issue template (#21831) 2022-11-19 15:22:15 +00:00
svg Move svg html render to modules/svg (#21716) 2022-11-08 23:13:58 +08:00
sync Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
system Fix dashboard ignored system setting cache (#21621) 2022-11-10 14:43:53 +08:00
templates Fix dashboard ignored system setting cache (#21621) 2022-11-10 14:43:53 +08:00
test Refactor AssertExistsAndLoadBean to use generics (#20797) 2022-08-16 10:22:25 +08:00
timeutil Fix Timestamp.IsZero (#21593) 2022-10-26 21:34:44 +08:00
translation Make every not exist error unwrappable to a fs.ErrNotExist (#20891) 2022-10-18 07:50:37 +02:00
typesniffer Rework raw file http header logic (#20484) 2022-07-29 17:26:55 +02:00
updatechecker Add system setting table with cache and also add cache supports for user setting (#18058) 2022-10-17 07:29:26 +08:00
upload Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
uri Prevent NPE if gitea uploader fails to open url (#18080) 2021-12-23 16:27:33 +00:00
user Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
util Show syntax lexer name in file view/blame (#21814) 2022-11-19 13:08:06 +02:00
validation Improve valid user name check (#20136) 2022-11-04 17:04:08 +08:00
watcher Share HTML template renderers and create a watcher framework (#20218) 2022-08-28 10:43:25 +01:00
web Improve valid user name check (#20136) 2022-11-04 17:04:08 +08:00