Prevent http git urls from including username/pword

Nick O'Leary
2018-02-02 22:43:29 +00:00
parent fc1436a96d
commit d1f7fd8bfd
5 changed files with 54 additions and 6 deletions


@@ -501,6 +501,10 @@ module.exports = {
// Add a remote
app.post("/:id/remotes", needsPermission("projects.write"), function(req,res) {
var projectName = req.params.id;
if (/^https?:\/\/[^/]+@/i.test(req.body.url)) {
res.status(400).json({error:"unexpected_error", message:"Git http url must not include username/password"});
return;
}
runtime.storage.projects.addRemote(req.user, projectName, req.body).then(function() {
res.redirect(303,req.baseUrl+"/"+projectName+"/remotes");
}).catch(function(err) {
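Review bot: The new guard at the top of the `/:id/remotes` handler matches the raw `req.body.url` against a regex anchored with `^`, so a value with leading whitespace (for example a pasted URL) is not rejected here; whether anything downstream trims it is not visible in this hunk. Normalising first would close that gap, e.g. `var url = String(req.body.url || "").trim();` followed by `if (/^https?:\/\/[^/]+@/i.test(url)) {`, or the URL could be parsed and rejected when its userinfo part is non-empty. The 400 response reuses the `unexpected_error` code for what is an expected validation failure, so a dedicated error code would let the client show a specific message. A short why-comment above the check would also help, such as `// Credentials in the URL would be written to the project's git config - reject them`. The handler's body continues past the end of the hunk.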