From 14a2b7e9b5765de3145c63e22affee06f20e33fc Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Thu, 3 Apr 2008 16:50:53 +0000 Subject: [PATCH] Verify rev and rev_to params format in RepositoriesController. And turn revision arguments into integers in SubversionAdapter. git-svn-id: http://redmine.rubyforge.org/svn/trunk@1324 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/repositories_controller.rb | 11 ++++++++--- lib/redmine/scm/adapters/subversion_adapter.rb | 14 ++++++-------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index 10c235d65..9b59b51ec 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb @@ -19,8 +19,8 @@ require 'SVG/Graph/Bar' require 'SVG/Graph/BarHorizontal' require 'digest/sha1' -class ChangesetNotFound < Exception -end +class ChangesetNotFound < Exception; end +class InvalidRevisionParam < Exception; end class RepositoriesController < ApplicationController layout 'base' @@ -135,7 +135,6 @@ class RepositoriesController < ApplicationController end def diff - @rev_to = params[:rev_to] @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline' @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type) @@ -180,6 +179,8 @@ private render_404 end + REV_PARAM_RE = %r{^[a-f0-9]*$} + def find_repository @project = Project.find(params[:id]) @repository = @project.repository @@ -187,8 +188,12 @@ private @path = params[:path].join('/') unless params[:path].nil? @path ||= '' @rev = params[:rev] + @rev_to = params[:rev_to] + raise InvalidRevisionParam unless @rev.to_s.match(REV_PARAM_RE) && @rev.to_s.match(REV_PARAM_RE) rescue ActiveRecord::RecordNotFound render_404 + rescue InvalidRevisionParam + show_error_not_found end def show_error_not_found 
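Review bot: `InvalidRevisionParam` is declared as a subclass of `Exception`, so a plain `rescue` or `rescue => e` further up the call chain will not catch it. `class InvalidRevisionParam < StandardError; end` is the conventional base for an input-validation error. The explicit `rescue InvalidRevisionParam` added in find_repository works with either base, and the same remark applies to `ChangesetNotFound` on the line above it.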
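Review bot: `REV_PARAM_RE = %r{^[a-f0-9]*$}` anchors on line boundaries rather than on the whole string, because in Ruby `^` and `$` match at every newline. A parameter that contains a newline therefore passes the check in find_repository as long as any one of its lines is hex or empty. Use `REV_PARAM_RE = %r{\A[a-f0-9]*\z}` so the entire value has to match. The second file of this patch shows revision identifiers being interpolated into `svn` command strings. SubversionAdapter now coerces them with `to_i`, but any adapter that does not (none are visible here) would depend on this regex alone.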
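Review bot: The new guard tests `@rev` twice and never tests `@rev_to`: `@rev.to_s.match(REV_PARAM_RE) && @rev.to_s.match(REV_PARAM_RE)`. The `rev_to` parameter assigned on the line above therefore reaches the repository layer unvalidated, contrary to the commit title. The second operand should read `@rev_to.to_s.match(REV_PARAM_RE)`. find_repository begins above this hunk. A functional test that sends a non-hex `rev_to` and expects the not-found error page would pin the behaviour.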
diff --git a/lib/redmine/scm/adapters/subversion_adapter.rb b/lib/redmine/scm/adapters/subversion_adapter.rb index 1e0320e2c..efbd3ba8e 100644 --- a/lib/redmine/scm/adapters/subversion_adapter.rb +++ b/lib/redmine/scm/adapters/subversion_adapter.rb @@ -62,7 +62,7 @@ module Redmine # or nil if the given path doesn't exist in the repository def entries(path=nil, identifier=nil) path ||= '' - identifier = 'HEAD' unless identifier and identifier > 0 + identifier = (identifier and identifier.to_i > 0) ? identifier.to_i : "HEAD" entries = Entries.new cmd = "#{SVN_BIN} list --xml #{target(path)}@#{identifier}" cmd << credentials_string @@ -94,8 +94,8 @@ module Redmine def revisions(path=nil, identifier_from=nil, identifier_to=nil, options={}) path ||= '' - identifier_from = 'HEAD' unless identifier_from and identifier_from.to_i > 0 - identifier_to = 1 unless identifier_to and identifier_to.to_i > 0 + identifier_from = (identifier_from and identifier_from.to_i > 0) ? identifier_from.to_i : "HEAD" + identifier_to = (identifier_to and identifier_to.to_i > 0) ? identifier_to.to_i : 1 revisions = Revisions.new cmd = "#{SVN_BIN} log --xml -r #{identifier_from}:#{identifier_to}" cmd << credentials_string @@ -131,11 +131,9 @@ module Redmine def diff(path, identifier_from, identifier_to=nil, type="inline") path ||= '' - if identifier_to and identifier_to.to_i > 0 - identifier_to = identifier_to.to_i - else - identifier_to = identifier_from.to_i - 1 - end + identifier_from = (identifier_from and identifier_from.to_i > 0) ? identifier_from.to_i : '' + identifier_to = (identifier_to and identifier_to.to_i > 0) ? identifier_to.to_i : (identifier_from.to_i - 1) + cmd = "#{SVN_BIN} diff -r " cmd << "#{identifier_to}:" cmd << "#{identifier_from}"
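Review bot: The coercion `(x and x.to_i > 0) ? x.to_i : default` is written out five times across entries, revisions and diff (the other two hunks of this file), each time with a different fallback. This expression is what keeps request-derived revision values out of the shell command strings built just below it. A single private helper would keep the rule in one place and make it testable, for example `def positive_revision(value, default)` with the body `value.to_i > 0 ? value.to_i : default`. For a nil identifier `nil.to_i` is already 0, so the leading `identifier and` guard adds nothing. The path still reaches the command through `target(path)`, which is not shown here, so confirm that it quotes the value for the shell.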
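Review bot: In diff, a missing or non-positive `identifier_from` becomes `''`, and the next line then falls back to `identifier_from.to_i - 1`, which is `-1` when no valid `identifier_to` was given. The command is then built as `svn diff -r -1:` with an empty second revision. The values are still integers or empty, so this is not an injection path, but it runs a malformed command instead of failing cleanly. An early exit before `cmd` is built would be clearer, e.g. `return nil unless identifier_from.to_i > 0`. That assumes callers already cope with a nil diff, which cannot be checked because the rest of the method lies outside the hunk.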