ATProto Browser
Experimental browser for the Atmosphere
Experimental browser for the Atmosphere
{
"uri": "at://did:plc:hwevmowznbiukdf6uk5dwrrq/sh.tangled.repo.pull/3lmx2uupy2m22",
"cid": "bafyreibi4pocqp627ajguwsrcv3bv5ex3ium7t5o3ghtqcqqsneipxkeru",
"value": {
"$type": "sh.tangled.repo.pull",
"patch": "diff --git a/appview/state/repo.go b/appview/state/repo.go\nindex 908c2a2..22bafee 100644\n--- a/appview/state/repo.go\n+++ b/appview/state/repo.go\n@@ -21,6 +21,7 @@ import (\n \t\"github.com/bluesky-social/indigo/atproto/syntax\"\n \tsecurejoin \"github.com/cyphar/filepath-securejoin\"\n \t\"github.com/go-chi/chi/v5\"\n+\t\"github.com/go-git/go-git/v5/plumbing\"\n \t\"tangled.sh/tangled.sh/core/api/tangled\"\n \t\"tangled.sh/tangled.sh/core/appview/auth\"\n \t\"tangled.sh/tangled.sh/core/appview/db\"\n@@ -248,6 +249,12 @@ func (s *State) RepoCommit(w http.ResponseWriter, r *http.Request) {\n \tif !s.config.Dev {\n \t\tprotocol = \"https\"\n \t}\n+\n+\tif !plumbing.IsHash(ref) {\n+\t\ts.pages.Error404(w)\n+\t\treturn\n+\t}\n+\n \tresp, err := http.Get(fmt.Sprintf(\"%s://%s/%s/%s/commit/%s\", protocol, f.Knot, f.OwnerDid(), f.RepoName, ref))\n \tif err != nil {\n \t\tlog.Println(\"failed to reach knotserver\", err)\n",
"title": "appview: state: verify if commit is a valid hash before fetching",
"pullId": 53,
"targetRepo": "at://did:plc:wshs7t2adsemcrrd4snkeqli/sh.tangled.repo/3liuighjy2h22",
"targetBranch": "master"
}
}