diff options
Diffstat (limited to 'modules/base')
| -rw-r--r-- | modules/base/base.go | 2 | ||||
| -rw-r--r-- | modules/base/markdown.go | 23 | ||||
| -rw-r--r-- | modules/base/tool.go | 37 |
3 files changed, 33 insertions, 29 deletions
diff --git a/modules/base/base.go b/modules/base/base.go index c9875fb5..45e2151e 100644 --- a/modules/base/base.go +++ b/modules/base/base.go @@ -16,8 +16,6 @@ type ( TplName string ) -var GoGetMetas = make(map[string]bool) - // ExecPath returns the executable path. func ExecPath() (string, error) { file, err := exec.LookPath(os.Args[0]) diff --git a/modules/base/markdown.go b/modules/base/markdown.go index 0ef379b8..10158edd 100644 --- a/modules/base/markdown.go +++ b/modules/base/markdown.go @@ -21,6 +21,8 @@ import ( "github.com/gogits/gogs/modules/setting" ) +// TODO: put this into 'markdown' module. + func isletter(c byte) bool { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') } @@ -29,16 +31,10 @@ func isalnum(c byte) bool { return (c >= '0' && c <= '9') || isletter(c) } -var validLinks = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")} +var validLinksPattern = regexp.MustCompile(`^[a-z][\w-]+://`) func isLink(link []byte) bool { - for _, prefix := range validLinks { - if len(link) > len(prefix) && bytes.Equal(bytes.ToLower(link[:len(prefix)]), prefix) && isalnum(link[len(prefix)]) { - return true - } - } - - return false + return validLinksPattern.Match(link) } func IsMarkdownFile(name string) bool { @@ -155,6 +151,8 @@ func (options *CustomRender) ListItem(out *bytes.Buffer, text []byte, flags int) var ( svgSuffix = []byte(".svg") svgSuffixWithMark = []byte(".svg?") + spaceBytes = []byte(" ") + spaceEncodedBytes = []byte("%20") ) func (r *CustomRender) Image(out *bytes.Buffer, link []byte, title []byte, alt []byte) { @@ -170,7 +168,8 @@ func (r *CustomRender) Image(out *bytes.Buffer, link []byte, title []byte, alt [ if link[0] != '/' { prefix += "/" } - link = []byte(prefix + string(link)) + link = bytes.Replace([]byte((prefix + string(link))), spaceBytes, spaceEncodedBytes, -1) + fmt.Println(333, string(link)) } } @@ -187,7 +186,7 @@ func cutoutVerbosePrefix(prefix string) string { if prefix[i] == '/' { count++ } - if count >= 3 { + if count >= 3+setting.AppSubUrlDepth { return prefix[:i] } } @@ -304,10 +303,10 @@ OUTER_LOOP: } // If this is the close tag to the outer-most, we are done - if token.Type == html.EndTagToken && strings.EqualFold(tagName, token.Data) { + if token.Type == html.EndTagToken { stackNum-- - if stackNum == 0 { + if stackNum <= 0 && strings.EqualFold(tagName, token.Data) { break } } diff --git a/modules/base/tool.go b/modules/base/tool.go index f98ae28b..811a7696 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -26,21 +26,23 @@ import ( "github.com/gogits/chardet" - "github.com/gogits/gogs/modules/avatar" "github.com/gogits/gogs/modules/log" "github.com/gogits/gogs/modules/setting" ) -func BuildSanitizer() (p *bluemonday.Policy) { - p = bluemonday.UGCPolicy() - p.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code") +var Sanitizer = bluemonday.UGCPolicy() - p.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") - p.AllowAttrs("checked", "disabled").OnElements("input") - return p -} +func BuildSanitizer() { + // Normal markdown-stuff + Sanitizer.AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code") + + // Checkboxes + Sanitizer.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input") + Sanitizer.AllowAttrs("checked", "disabled").OnElements("input") -var Sanitizer = BuildSanitizer() + // Custom URL-Schemes + Sanitizer.AllowURLSchemes(setting.Markdown.CustomURLSchemes...) +} // EncodeMD5 encodes string to md5 hex value. func EncodeMD5(str string) string { @@ -206,17 +208,22 @@ func CreateTimeLimitCode(data string, minutes int, startInf interface{}) string return code } -// AvatarLink returns avatar link by given e-mail. +// HashEmail hashes email address to MD5 string. +// https://en.gravatar.com/site/implement/hash/ +func HashEmail(email string) string { + email = strings.ToLower(strings.TrimSpace(email)) + h := md5.New() + h.Write([]byte(email)) + return hex.EncodeToString(h.Sum(nil)) +} + +// AvatarLink returns avatar link by given email. func AvatarLink(email string) string { if setting.DisableGravatar || setting.OfflineMode { return setting.AppSubUrl + "/img/avatar_default.jpg" } - gravatarHash := avatar.HashEmail(email) - if setting.Service.EnableCacheAvatar { - return setting.AppSubUrl + "/avatar/" + gravatarHash - } - return setting.GravatarSource + gravatarHash + return setting.GravatarSource + HashEmail(email) } // Seconds-based time units |