From 7850fa30a5cb66faa76324fe87a923a5720a6456 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Mon, 29 Jul 2024 09:32:54 +0800
Subject: [PATCH] Make GetRepositoryByName more safer (#31712)

Fix #31708

(cherry picked from commit d109923ed8e58bce0ad26b47385edbc79403803d)
---
 models/repo/repo.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/models/repo/repo.go b/models/repo/repo.go
index 6db7c30513..cd6be48b90 100644
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@@ -766,17 +766,18 @@ func GetRepositoryByOwnerAndName(ctx context.Context, ownerName, repoName string
 
 // GetRepositoryByName returns the repository by given name under user if exists.
 func GetRepositoryByName(ctx context.Context, ownerID int64, name string) (*Repository, error) {
-	repo := &Repository{
-		OwnerID:   ownerID,
-		LowerName: strings.ToLower(name),
-	}
-	has, err := db.GetEngine(ctx).Get(repo)
+	var repo Repository
+	has, err := db.GetEngine(ctx).
+		Where("`owner_id`=?", ownerID).
+		And("`lower_name`=?", strings.ToLower(name)).
+		NoAutoCondition().
+		Get(&repo)
 	if err != nil {
 		return nil, err
 	} else if !has {
 		return nil, ErrRepoNotExist{0, ownerID, "", name}
 	}
-	return repo, err
+	return &repo, err
 }
 
 // getRepositoryURLPathSegments returns segments (owner, reponame) extracted from a url