From d3d828498599763c6a6364e112fe3b96de737377 Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Mon, 10 Dec 2018 22:21:42 -0500
Subject: [PATCH] templates: sanitize special links in commit message (#5545)

Reported by @cezar97.
---
 gogs.go | 2 +-
 pkg/template/template.go | 14 ++++++++------
 templates/.VERSION | 2 +-
 templates/repo/commits_table.tmpl | 2 +-
 templates/repo/diff/page.tmpl | 2 +-
 templates/repo/view_list.tmpl | 4 ++--
 6 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/gogs.go b/gogs.go
index d0681aae1..66076b2b3 100644
--- a/gogs.go
+++ b/gogs.go
@@ -16,7 +16,7 @@ import (
 "github.com/gogs/gogs/pkg/setting"
 )

-const APP_VER = "0.11.77.1206"
+const APP_VER = "0.11.78.1210"

 func init() {
 setting.AppVer = APP_VER
diff --git a/pkg/template/template.go b/pkg/template/template.go
index 8a85980a9..6e9c4a323 100644
--- a/pkg/template/template.go
+++ b/pkg/template/template.go
@@ -64,7 +64,7 @@ func NewFuncMap() []template.FuncMap {
 "AppendAvatarSize": tool.AppendAvatarSize,
 "Safe": Safe,
 "Sanitize": bluemonday.UGCPolicy().Sanitize,
- "Str2html": Str2HTML,
+ "Str2html": Str2HTML, // TODO: Rename to Str2HTML
 "NewLine2br": NewLine2br,
 "TimeSince": tool.TimeSince,
 "RawTimeSince": tool.RawTimeSince,
@@ -176,12 +176,14 @@ func ToUTF8WithErr(content []byte) (error, string) {
 return err, result
 }

+// FIXME: Unused function
 func ToUTF8(content string) string {
 _, res := ToUTF8WithErr([]byte(content))
 return res
 }

 // Replaces all prefixes 'old' in 's' with 'new'.
+// FIXME: Unused function
 func ReplaceLeft(s, old, new string) string {
 old_len, new_len, i, n := len(old), len(new), 0, 0
 for ; i < len(s) && strings.HasPrefix(s[i:], old); n += 1 {
@@ -206,16 +208,16 @@ func ReplaceLeft(s, old, new string) string {
 return string(replacement)
 }

-// RenderCommitMessage renders commit message with XSS-safe and special links.
-func RenderCommitMessage(full bool, msg, urlPrefix string, metas map[string]string) template.HTML {
+// RenderCommitMessage renders commit message with special links.
+func RenderCommitMessage(full bool, msg, urlPrefix string, metas map[string]string) string {
 cleanMsg := template.HTMLEscapeString(msg)
 fullMessage := string(markup.RenderIssueIndexPattern([]byte(cleanMsg), urlPrefix, metas))
 msgLines := strings.Split(strings.TrimSpace(fullMessage), "\n")
 numLines := len(msgLines)
 if numLines == 0 {
- return template.HTML("")
+ return ""
 } else if !full {
- return template.HTML(msgLines[0])
+ return msgLines[0]
 } else if numLines == 1 || (numLines >= 2 && len(msgLines[1]) == 0) {
 // First line is a header, standalone or followed by empty line
 header := fmt.Sprintf("

%s

", msgLines[0]) @@ -228,7 +230,7 @@ func RenderCommitMessage(full bool, msg, urlPrefix string, metas map[string]stri // Non-standard git message, there is no header line fullMessage = fmt.Sprintf("

%s

", strings.Join(msgLines, "
")) } - return template.HTML(fullMessage) + return fullMessage } type Actioner interface { diff --git a/templates/.VERSION b/templates/.VERSION index a87c12f60..704b4d269 100644 --- a/templates/.VERSION +++ b/templates/.VERSION @@ -1 +1 @@ -0.11.77.1206 +0.11.78.1210 diff --git a/templates/repo/commits_table.tmpl b/templates/repo/commits_table.tmpl index 1b835d33c..a386b14ea 100644 --- a/templates/repo/commits_table.tmpl +++ b/templates/repo/commits_table.tmpl @@ -47,7 +47,7 @@ {{else}} {{ShortSHA1 .ID.String}} {{end}} - {{RenderCommitMessage false .Summary $.RepoLink $.Repository.ComposeMetas}} + {{RenderCommitMessage false .Summary $.RepoLink $.Repository.ComposeMetas | Str2html}} {{TimeSince .Author.When $.Lang}} diff --git a/templates/repo/diff/page.tmpl b/templates/repo/diff/page.tmpl index eae67b7f9..a5716e6ec 100644 --- a/templates/repo/diff/page.tmpl +++ b/templates/repo/diff/page.tmpl @@ -9,7 +9,7 @@ {{.i18n.Tr "repo.diff.browse_source"}} - {{RenderCommitMessage true .Commit.Message $.RepoLink $.Repository.ComposeMetas}} + {{RenderCommitMessage true .Commit.Message $.RepoLink $.Repository.ComposeMetas | Str2html}}
{{if .Author}}
diff --git a/templates/repo/view_list.tmpl b/templates/repo/view_list.tmpl
index d3fe6811f..3e8b5a532 100644
--- a/templates/repo/view_list.tmpl
+++ b/templates/repo/view_list.tmpl
@@ -10,7 +10,7 @@
 {{.LatestCommit.Author.Name}} {{end}} {{ShortSHA1 .LatestCommit.ID.String}}
- {{RenderCommitMessage false .LatestCommit.Summary .RepoLink $.Repository.ComposeMetas}}
+ {{RenderCommitMessage false .LatestCommit.Summary .RepoLink $.Repository.ComposeMetas | Str2html}}
@@ -49,7 +49,7 @@
 {{end}} {{ShortSHA1 $commit.ID.String}}
- {{RenderCommitMessage false $commit.Summary $.RepoLink $.Repository.ComposeMetas}}
+ {{RenderCommitMessage false $commit.Summary $.RepoLink $.Repository.ComposeMetas | Str2html}}
 {{TimeSince $commit.Committer.When $.Lang}}