From ab0a79cb087527ef6ec2778f3c820a621ae1a11e Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 26 Jul 2024 22:22:13 -0700 Subject: [PATCH 1/2] Make GetRepositoryByName more safer --- models/repo/repo.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/models/repo/repo.go b/models/repo/repo.go index a5b36dd8a17b5..1d9331b7b9ae9 100644 --- a/models/repo/repo.go +++ b/models/repo/repo.go @@ -745,17 +745,18 @@ func GetRepositoryByOwnerAndName(ctx context.Context, ownerName, repoName string // GetRepositoryByName returns the repository by given name under user if exists. func GetRepositoryByName(ctx context.Context, ownerID int64, name string) (*Repository, error) { - repo := &Repository{ - OwnerID: ownerID, - LowerName: strings.ToLower(name), - } - has, err := db.GetEngine(ctx).Get(repo) + var repo Repository + has, err := db.GetEngine(ctx). + Where("`owner_id`=?", ownerID). + And("`lower_name`=?", strings.ToLower(name)). + NoAutoCondition(). + Get(repo) if err != nil { return nil, err } else if !has { return nil, ErrRepoNotExist{0, ownerID, "", name} } - return repo, err + return &repo, err } // getRepositoryURLPathSegments returns segments (owner, reponame) extracted from a url From 79553a679f5f9b8e300125d98e3e69b2a6137cd6 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 26 Jul 2024 22:25:04 -0700 Subject: [PATCH 2/2] Fix parameter of Get --- models/repo/repo.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/repo/repo.go b/models/repo/repo.go index 1d9331b7b9ae9..68f8e16a21d58 100644 --- a/models/repo/repo.go +++ b/models/repo/repo.go @@ -750,7 +750,7 @@ func GetRepositoryByName(ctx context.Context, ownerID int64, name string) (*Repo Where("`owner_id`=?", ownerID). And("`lower_name`=?", strings.ToLower(name)). NoAutoCondition(). - Get(repo) + Get(&repo) if err != nil { return nil, err } else if !has {