From d7c70c2f212ac34f8f6c34f34aea76a217fb507e Mon Sep 17 00:00:00 2001
From: "Ryan C. Gordon" <[EMAIL REDACTED]>
Date: Tue, 14 Jun 2022 23:22:42 -0400
Subject: [PATCH] When trusted users push without a PR, determine the hash
while locked.
Otherwise, our query of HEAD's hash might get the wrong commit if something
else grabs the lock and makes changes.
---
index.php | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/index.php b/index.php
index f628307..0c50b48 100644
--- a/index.php
+++ b/index.php
@@ -762,6 +762,7 @@ function make_new_page_version($page, $ext, $newtext, $comment)
}
}
+ $hash = '';
$cmd = '';
$trusted_author = $_SESSION['is_trusted'] || $_SESSION['is_admin']; // trusted/admin authors push right to main. Untrusted authors generate pull requests.
$escmain = $github_repo_main_branch;
@@ -774,6 +775,11 @@ function make_new_page_version($page, $ext, $newtext, $comment)
unset($output);
$failed = (exec($cmd, $output, $result) === false) || ($result != 0);
unlink($git_commit_message_file);
+
+ if (!$failed && $trusted_author) {
+ $hash = `cd $escrawdata ; git show-ref -s HEAD`;
+ }
+
exec("cd $escrawdata && git checkout $escmain && ( git reset --hard HEAD ; git clean -df )"); // just in case.
$cooked = '';
@@ -795,7 +801,6 @@ function make_new_page_version($page, $ext, $newtext, $comment)
}
if ($trusted_author) {
- $hash = `cd $escrawdata ; git show-ref -s HEAD`;
print_template('pushed_to_main', [ 'hash' => $hash, 'commiturl' => "$github_url/commit/$hash", 'cooked' => $cooked ]);
} else { // generate a pull request so we can review before applying.
$user = $_SESSION['github_user'];
@@ -861,6 +866,7 @@ function delete_page($page, $comment)
fail400("No such page to delete.");
}
+ $hash = '';
$cmd = '';
$trusted_author = $_SESSION['is_trusted'] || $_SESSION['is_admin']; // trusted/admin authors push right to main. Untrusted authors generate pull requests.
@@ -874,6 +880,11 @@ function delete_page($page, $comment)
unset($output);
$failed = (exec($cmd, $output, $result) === false) || ($result != 0);
unlink($git_commit_message_file);
+
+ if (!$failed && $trusted_author) {
+ $hash = `cd $escrawdata ; git show-ref -s HEAD`;
+ }
+
exec("cd $escrawdata && git checkout $escmain && ( git reset --hard HEAD ; git clean -df )"); // just in case.
release_git_repo_lock();
@@ -890,7 +901,6 @@ function delete_page($page, $comment)
$cooked = '[page deleted]';
if ($trusted_author) {
- $hash = `cd $escrawdata ; git show-ref -s HEAD`;
print_template('pushed_to_main', [ 'hash' => $hash, 'commiturl' => "$github_url/commit/$hash", 'cooked' => $cooked ]);
} else { // generate a pull request so we can review before applying.
$user = $_SESSION['github_user'];