0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-12-26 18:44:38 +01:00
gitea/routers/web
Sergey Zolotarev 7b79be24ca
Fix panic in storageHandler (#27446)
storageHandler() is written as a middleware but is used as an endpoint
handler, and thus `next` is actually `nil`, which causes a null pointer
dereference when a request URL does not match the pattern (where it
calls `next.ServerHTTP()`).

Example CURL command to trigger the panic:

```
curl -I "http://yourhost/gitea//avatars/a"
```

Fixes #27409

---

Note: the diff looks big but it's actually a small change - all I did
was to remove the outer closure (and one level of indentation) ~and
removed the HTTP method and pattern checks as they seem redundant
because go-chi already does those checks~. You might want to check "Hide
whitespace" when reviewing it.

Alternative solution (a bit simpler): append `, misc.DummyOK` to the
route declarations that utilize `storageHandler()` - this makes it
return an empty response when the URL is invalid. I've tested this one
and it works too. Or maybe it would be better to return a 400 error in
that case (?)
2023-10-06 13:23:14 +00:00
..
admin Refactor system setting (#27000) 2023-10-05 09:08:19 +08:00
auth Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
devtest
events
explore Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
feed More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
healthcheck
misc
org Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
repo Remove redundant len check around loop (#27464) 2023-10-06 14:49:37 +08:00
shared Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
user Refactor system setting (#27000) 2023-10-05 09:08:19 +08:00
base.go Fix panic in storageHandler (#27446) 2023-10-06 13:23:14 +00:00
goget.go
home.go Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
metrics.go
nodeinfo.go
swagger_json.go
web.go Allow get release download files and lfs files with oauth2 token format (#26430) 2023-10-01 10:41:52 +00:00
webfinger.go