# HG changeset patch # User RhodeCode Admin # Date 2023-01-11 21:47:29 # Node ID bbd9cbf6785df8291e964c0d60ce66b956b13c09 # Parent 01f1016674efcfda1300cbfc4c66b4d725bf49f6 routing: detect invalid repo/group names before we hit DB checks to prevent some errors for bad repo names diff --git a/rhodecode/apps/_base/__init__.py b/rhodecode/apps/_base/__init__.py --- a/rhodecode/apps/_base/__init__.py +++ b/rhodecode/apps/_base/__init__.py @@ -26,6 +26,7 @@ from pyramid import compat from pyramid.httpexceptions import HTTPFound, HTTPForbidden, HTTPBadRequest from rhodecode.lib import helpers as h, diffs, rc_cache +from rhodecode.lib.utils import repo_name_slug from rhodecode.lib.utils2 import ( StrictAttributeDict, str2bool, safe_int, datetime_to_time, safe_unicode) from rhodecode.lib.markup_renderer import MarkupRenderer, relative_links @@ -617,6 +618,10 @@ class RepoRoutePredicate(object): return repo_name = info['match']['repo_name'] + if repo_name != repo_name_slug(repo_name): + # short-skip if the repo-name doesn't follow slug rule + return False + repo_model = repo.RepoModel() by_name_match = repo_model.get_by_repo_name(repo_name, cache=False) @@ -722,6 +727,9 @@ class RepoGroupRoutePredicate(object): return repo_group_name = info['match']['repo_group_name'] + if repo_group_name != repo_name_slug(repo_group_name): + return False + repo_group_model = repo_group.RepoGroupModel() by_name_match = repo_group_model.get_by_group_name(repo_group_name, cache=False)