From d109923ed8e58bce0ad26b47385edbc79403803d Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Mon, 29 Jul 2024 09:32:54 +0800 Subject: [PATCH] Make GetRepositoryByName more safer (#31712) Fix #31708 --- models/repo/repo.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/models/repo/repo.go b/models/repo/repo.go index a5b36dd8a..68f8e16a2 100644 --- a/models/repo/repo.go +++ b/models/repo/repo.go @@ -745,17 +745,18 @@ func GetRepositoryByOwnerAndName(ctx context.Context, ownerName, repoName string // GetRepositoryByName returns the repository by given name under user if exists. func GetRepositoryByName(ctx context.Context, ownerID int64, name string) (*Repository, error) { - repo := &Repository{ - OwnerID: ownerID, - LowerName: strings.ToLower(name), - } - has, err := db.GetEngine(ctx).Get(repo) + var repo Repository + has, err := db.GetEngine(ctx). + Where("`owner_id`=?", ownerID). + And("`lower_name`=?", strings.ToLower(name)). + NoAutoCondition(). + Get(&repo) if err != nil { return nil, err } else if !has { return nil, ErrRepoNotExist{0, ownerID, "", name} } - return repo, err + return &repo, err } // getRepositoryURLPathSegments returns segments (owner, reponame) extracted from a url