From 0632c46f0a8f19d389e4a70a8b6a920a654169f8 Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Mon, 15 Feb 2021 11:15:17 -0700 Subject: [PATCH] Girocco/Project.pm: validate new JSON POST url with test POST If the JSON POST url changes from its previous value (a newly created project is considered to have "" as its previous value), then before saving the new JSON POST url into the project, attempt a test POST to see if it's actually usable. Refuse to accept the new JSON POST url if it fails the POST test. Signed-off-by: Kyle J. McKay --- Girocco/Project.pm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Girocco/Project.pm b/Girocco/Project.pm index 1556183..1c47a08 100644 --- a/Girocco/Project.pm +++ b/Girocco/Project.pm @@ -4,12 +4,13 @@ use strict; use warnings; BEGIN { + use Girocco::Config; use Girocco::CGI; use Girocco::User; use Girocco::Util; use Girocco::HashUtil; + use Girocco::Notify; use Girocco::ProjPerm; - use Girocco::Config; use base ('Girocco::ProjPerm::'.$Girocco::Config::permission_control); # mwahaha } @@ -629,6 +630,7 @@ sub ghost { $self->{users} = []; $self->{mirror} = $mirror; $self->{email} = $self->{orig_email} = ''; + $self->{notifyjson} = $self->{orig_notifyjson} = ''; $self; } @@ -666,6 +668,7 @@ sub load { $self->_properties_load; $self->{orig_email} = $self->{email}; + $self->{orig_notifyjson} = $self->{notifyjson}; $self->{loaded} = 1; # indicates self was loaded from etc/group file close $fd; return $self; @@ -834,6 +837,12 @@ sub cgi_fill { } } $self->{jsonsecret} = $gcgi->wparam('jsonsecret'); + my $origurl = $self->{orig_notifyjson}; + defined($origurl) or $origurl = ''; + $self->{notifyjson} eq $origurl || + $self->{notifyjson} eq "" || + Girocco::Notify::json_test_post($self) or + $gcgi->err("JSON notify URL failed POST test."); } if ($field_enabled->('notifycia')) { -- 2.11.4.GIT