Giters

go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD

Home Page:https://gitea.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

HTTP 500 error when adding push mirror with invalid character in URL

clmcavaney opened this issue · comments

commented

Description

When I copied and pasted a URL for a push mirror it included a control character (in this case a tab).
After supplying a username and password, the user interface failed with an "Internal Server Error" (i.e. HTTP 500)

I tracked it down in the logs to be caused by this error:

2024/07/16 09:50:17 ...o/setting/setting.go:412:SettingsPost() [E] SanitizeURL: parse "https://github.com/<user redacted>/<repository redacted>\t": net/url: invalid control character in URL
2024/07/16 09:50:17 .../context_response.go:70:HTML() [D] Template: status/500
2024/07/16 09:50:17 ...eb/routing/logger.go:102:func1() [I] router: completed POST /<username redacted>/<repository redacted>/settings for [<IPv6 address redacted>]:0, 500 Internal Server Error in 76.2ms @ setting/setting.go:100(setting.SettingsPost)

I am wondering if the SettingsPost() method (specifically the SanitizeURL part) could be modified to trim off control characters from the start or end of what has been supplied as a URL?

Gitea Version

1.22.1 built with GNU Make 4.4.1, go1.22.5 : bindata, timetzdata, sqlite, sqlite_unlock_notify

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.45.2

Operating System

Docker container

How are you running Gitea?

Docker container
image: gitea/gitea:latest

Database

MySQL/MariaDB