Fix error message sanitiziation #3082
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
lafriks added type/refactoring 
Codecov Report
@@ Coverage Diff @@ ## master #3082 +/- ## ========================================== - Coverage 33.26% 33.24% -0.02% ========================================== Files 272 273 +1 Lines 39939 39947 +8 ========================================== - Hits 13284 13281 -3 - Misses 24757 24767 +10 - Partials 1898 1899 +1
Continue to review full report at Codecov.
|
tboerger added the lgtm/need 2 
| LGTM |
tboerger added lgtm/need 1 
sapk approved these changes Dec 4, 2017
| LGTM |
tboerger added lgtm/done 
appleboy approved these changes Dec 4, 2017
| make LG-TM work |
| @ethantkoenig please backport this also to #3078 |
ethantkoenig added a commit to ethantkoenig/gitea that referenced this pull request Dec 4, 2017
project-mirrors-bot-tu bot pushed a commit to project-mirrors/forgejo-as-gitea-fork that referenced this pull request Jan 23, 2025
- Fix the layout of admin pages, it previously was full-width and had the alert at the incorrect place and within an container. - Make the placement of the alert consistent with other pages, inside `flex-container-main` and not wrapped around a container. - We have to revert 145bebc, as this expected that the page contain provided padding, this was provided by the incorrect placement of the alert. As well isn't consistent with how other pages are being shown, non-full width. The solution to the described problem isn't optimal and should rather be fixed with the tables. - Reverts 145bebc - Resolves go-gitea#3082 (cherry picked from commit c2d0f64)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
7 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Fixes two sanitization issues:
HandleCloneUserCredentialsfunction did not cover the case where a message contained a sensitive URLs multiple times; only the first usage would be sanitized.MigratePosthandler, an unsanitized error could reach thehandleCreateError(..)function, which itself does not do any sanitization. As a result, unsanitized URL could be printed in logs.This PR additionally:
modules/utilnet/urlinstead of manually parsing urls (Sanitize logs for mirror sync (#3057, #3082) #3078 (comment))