HTTP 500 error when adding push mirror with invalid character in URL
clmcavaney opened this issue · comments
Description
When I copied and pasted a URL for a push mirror it included a control character (in this case a tab).
After supplying a username and password, the user interface failed with an "Internal Server Error" (i.e. HTTP 500)
I tracked it down in the logs to be caused by this error:
2024/07/16 09:50:17 ...o/setting/setting.go:412:SettingsPost() [E] SanitizeURL: parse "https://github.com/<user redacted>/<repository redacted>\t": net/url: invalid control character in URL
2024/07/16 09:50:17 .../context_response.go:70:HTML() [D] Template: status/500
2024/07/16 09:50:17 ...eb/routing/logger.go:102:func1() [I] router: completed POST /<username redacted>/<repository redacted>/settings for [<IPv6 address redacted>]:0, 500 Internal Server Error in 76.2ms @ setting/setting.go:100(setting.SettingsPost)
I am wondering if the SettingsPost() method (specifically the SanitizeURL part) could be modified to trim off control characters from the start or end of what has been supplied as a URL?
Gitea Version
1.22.1 built with GNU Make 4.4.1, go1.22.5 : bindata, timetzdata, sqlite, sqlite_unlock_notify
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
2.45.2
Operating System
Docker container
How are you running Gitea?
Docker container
image: gitea/gitea:latest
Database
MySQL/MariaDB