From 7e9a895007605dea94b8aa3a9cecbea46016e6e5 Mon Sep 17 00:00:00 2001
From: Giteabot <teabot@gitea.io>
Date: Mon, 29 Jul 2024 11:52:34 +0800
Subject: [PATCH] Make GetRepositoryByName more safer (#31712) (#31718)

Backport #31712 by @lunny

Fix #31708

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
---
 models/repo/repo.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/models/repo/repo.go b/models/repo/repo.go
index 5d5707d1ac..2b5fcf43ec 100644
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@@ -741,17 +741,18 @@ func GetRepositoryByOwnerAndName(ctx context.Context, ownerName, repoName string
 
 // GetRepositoryByName returns the repository by given name under user if exists.
 func GetRepositoryByName(ctx context.Context, ownerID int64, name string) (*Repository, error) {
-	repo := &Repository{
-		OwnerID:   ownerID,
-		LowerName: strings.ToLower(name),
-	}
-	has, err := db.GetEngine(ctx).Get(repo)
+	var repo Repository
+	has, err := db.GetEngine(ctx).
+		Where("`owner_id`=?", ownerID).
+		And("`lower_name`=?", strings.ToLower(name)).
+		NoAutoCondition().
+		Get(&repo)
 	if err != nil {
 		return nil, err
 	} else if !has {
 		return nil, ErrRepoNotExist{0, ownerID, "", name}
 	}
-	return repo, err
+	return &repo, err
 }
 
 // getRepositoryURLPathSegments returns segments (owner, reponame) extracted from a url