diff --git a/modules/context/context.go b/modules/context/context.go index e89b2e25c4c95..ef6c19ed125c3 100644 --- a/modules/context/context.go +++ b/modules/context/context.go @@ -250,6 +250,19 @@ func Contexter() macaron.Handler { if ctx.Query("go-get") == "1" { ownerName := c.Params(":username") repoName := c.Params(":reponame") + trimmedRepoName := strings.TrimSuffix(repoName, ".git") + + if ownerName == "" || trimmedRepoName == "" { + _, _ = c.Write([]byte(` + + + invalid import path + + +`)) + c.WriteHeader(400) + return + } branchName := "master" repo, err := models.GetRepositoryByOwnerAndName(ownerName, repoName) @@ -277,7 +290,7 @@ func Contexter() macaron.Handler { `, map[string]string{ - "GoGetImport": ComposeGoGetImport(ownerName, strings.TrimSuffix(repoName, ".git")), + "GoGetImport": ComposeGoGetImport(ownerName, trimmedRepoName), "CloneLink": models.ComposeHTTPSCloneURL(ownerName, repoName), "GoDocDirectory": prefix + "{/dir}", "GoDocFile": prefix + "{/dir}/{file}#L{line}", diff --git a/modules/context/repo.go b/modules/context/repo.go index 1499145f74f66..3ef726f2e8ee4 100644 --- a/modules/context/repo.go +++ b/modules/context/repo.go @@ -201,10 +201,14 @@ func ComposeGoGetImport(owner, repo string) string { // .netrc file. func EarlyResponseForGoGetMeta(ctx *Context) { username := ctx.Params(":username") - reponame := ctx.Params(":reponame") + reponame := strings.TrimSuffix(ctx.Params(":reponame"), ".git") + if username == "" || reponame == "" { + ctx.PlainText(400, []byte("invalid repository path")) + return + } ctx.PlainText(200, []byte(com.Expand(``, map[string]string{ - "GoGetImport": ComposeGoGetImport(username, strings.TrimSuffix(reponame, ".git")), + "GoGetImport": ComposeGoGetImport(username, reponame), "CloneLink": models.ComposeHTTPSCloneURL(username, reponame), }))) }