Merge pull request '[gitea] week 2024-25-v7.0 cherry pick (release/v1.22 -> v7.0/forgejo)' (#4146) from earl-warren/wcp/2024-25-v7.0 into v7.0/forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4146 Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-18 07:55:54 +00:00 · 2024-06-18 07:55:54 +00:00 · 34c970d4e5
commit 34c970d4e5
parent fa54833436 5233f5f3e5
5 changed files with 104 additions and 5 deletions
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@ -48,7 +48,7 @@ var (
 	// hashCurrentPattern matches string that represents a commit SHA, e.g. d8a994ef243349f321568f9e36d5c3f444b99cae
 	// Although SHA1 hashes are 40 chars long, SHA256 are 64, the regex matches the hash from 7 to 64 chars in length
 	// so that abbreviated hash links can be used as well. This matches git and GitHub usability.
-	hashCurrentPattern = regexp.MustCompile(`(?:\s|^|\(|\[)([0-9a-f]{7,64})(?:\s|$|\)|\]|[.,](\s|$))`)
+	hashCurrentPattern = regexp.MustCompile(`(?:\s|^|\(|\[)([0-9a-f]{7,64})(?:\s|$|\)|\]|[.,:](\s|$))`)

 	// shortLinkPattern matches short but difficult to parse [[name|link|arg=test]] syntax
 	shortLinkPattern = regexp.MustCompile(`\[\[(.*?)\]\](\w*)`)
--- a/modules/markup/html_internal_test.go
+++ b/modules/markup/html_internal_test.go
@ -381,6 +381,7 @@ func TestRegExp_sha1CurrentPattern(t *testing.T) {
 		"(abcdefabcdefabcdefabcdefabcdefabcdefabcd)",
 		"[abcdefabcdefabcdefabcdefabcdefabcdefabcd]",
 		"abcdefabcdefabcdefabcdefabcdefabcdefabcd.",
+		"abcdefabcdefabcdefabcdefabcdefabcdefabcd:",
 	}
 	falseTestCases := []string{
 		"test",
--- a/modules/web/middleware/cookie.go
+++ b/modules/web/middleware/cookie.go
@ -35,6 +35,10 @@ func GetSiteCookie(req *http.Request, name string) string {

 // SetSiteCookie returns given cookie value from request header.
 func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) {
+	// Previous versions would use a cookie path with a trailing /.
+	// These are more specific than cookies without a trailing /, so
+	// we need to delete these if they exist.
+	deleteLegacySiteCookie(resp, name)
 	cookie := &http.Cookie{
 		Name:     name,
 		Value:    url.QueryEscape(value),
@ -46,10 +50,6 @@ func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) {
 		SameSite: setting.SessionConfig.SameSite,
 	}
 	resp.Header().Add("Set-Cookie", cookie.String())
-	// Previous versions would use a cookie path with a trailing /.
-	// These are more specific than cookies without a trailing /, so
-	// we need to delete these if they exist.
-	deleteLegacySiteCookie(resp, name)
 }

 // deleteLegacySiteCookie deletes the cookie with the given name at the cookie