forgejo-federation/services
zeripath e77b76425e
Prepend refs/heads/ to issue template refs (#20461)
Fix #20456

At some point during the 1.17 cycle abbreviated refishs to issue
branches started breaking. This is likely due serious inconsistencies in
our management of refs throughout Gitea - which is a bug needing to be
addressed in a different PR. (Likely more than one)

We should try to use non-abbreviated `fullref`s as much as possible.
That is where a user has inputted a abbreviated `refish` we should add
`refs/heads/` if it is `branch` etc. I know people keep writing and
merging PRs that remove prefixes from stored content but it is just
wrong and it keeps causing problems like this. We should only remove the
prefix at the time of
presentation as the prefix is the only way of knowing umambiguously and
permanently if the `ref` is referring to a `branch`, `tag` or `commit` /
`SHA`. We need to make it so that every ref has the appropriate prefix,
and probably also need to come up with some definitely unambiguous way
of storing `SHA`s if they're used in a `ref` or `refish` field. We must
not store a potentially
ambiguous `refish` as a `ref`. (Especially when referring a `tag` -
there is no reason why users cannot create a `branch` with the same
short name as a `tag` and vice versa and any attempt to prevent this
will fail. You can even create a `branch` and a
`tag` that matches the `SHA` pattern.)

To that end in order to fix this bug, when parsing issue templates check
the provided `Ref` (here a `refish` because almost all users do not know
or understand the subtly), if it does not start with `refs/` add the
`BranchPrefix` to it. This allows people to make their templates refer
to a `tag` but not to a `SHA` directly. (I don't think that is
particularly unreasonable but if people disagree I can make the `refish`
be checked to see if it matches the `SHA` pattern.)

Next we need to handle the issue links that are already written. The
links here are created with `git.RefURL`

Here we see there is a bug introduced in #17551 whereby the provided
`ref` argument can be double-escaped so we remove the incorrect external
escape. (The escape added in #17551 is in the right place -
unfortunately I missed that the calling function was doing the wrong
thing.)

Then within `RefURL()` we check if an unprefixed `ref` (therefore
potentially a `refish`) matches the `SHA` pattern before assuming that
is actually a `commit` - otherwise is assumed to be a `branch`. This
will handle most of the problem cases excepting the very unusual cases
where someone has deliberately written a `branch` to look like a `SHA1`.

But please if something is called a `ref` or interpreted as a `ref` make
it a full-ref before storing or using it. By all means if something is a
`branch` assume the prefix is removed but always add it back in if you
are using it as a `ref`. Stop storing abbreviated `branch` names and
`tag` names - which are `refish` as a `ref`. It will keep on causing
problems like this.

Fix #20456

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-22 20:58:49 +08:00
..
agit Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
asymkey Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
attachment Allow detect whether it's in a database transaction for a context.Context (#21756) 2022-11-12 21:18:50 +01:00
auth Revert unrelated changes for SMTP auth (#21767) 2022-11-10 16:12:23 -05:00
automerge Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
comments Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
context Move almost all functions' parameter db.Engine to context.Context (#19748) 2022-05-20 22:08:52 +08:00
cron Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
externalaccount Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
forms Add package registry cleanup rules (#21658) 2022-11-20 16:08:38 +02:00
gitdiff Show syntax lexer name in file view/blame (#21814) 2022-11-19 13:08:06 +02:00
issue Prepend refs/heads/ to issue template refs (#20461) 2022-11-22 20:58:49 +08:00
lfs Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
mailer Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
markup Link mentioned user in markdown only if they are visible to viewer (#21554) 2022-10-23 17:13:52 +08:00
migrations Replace yaml.v2 with yaml.v3 (#21832) 2022-11-21 16:36:59 +08:00
mirror Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
org Allow detect whether it's in a database transaction for a context.Context (#21756) 2022-11-12 21:18:50 +01:00
packages Add package registry cleanup rules (#21658) 2022-11-20 16:08:38 +02:00
pull Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
release Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
repository Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
task Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
user Add context.Context to more methods (#21546) 2022-11-19 16:12:33 +08:00
webhook Fix wechatwork webhook sends empty content in PR review (#21762) 2022-11-19 15:19:14 +00:00
wiki Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00