[v15.0/forgejo] fix: secret name-prefix regex (#12216)

**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12213 Fixes: #12212 Sorry for this bug, I introduced it by not testing !10682 better. Now the `forbiddenPrefixPattern`-regex is compliant to the docu: ``` It cannot start with FORGEJO_, GITEA_, GITHUB_, or a number. ``` Co-authored-by: zokki <zokki.softwareschmiede@gmail.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12216 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2026-05-12 22:10:25 +00:00 · 2026-04-21 20:52:57 +02:00 · 2026-04-21 20:52:57 +02:00 · f47ed4c45e
commit f47ed4c45e
parent 2ba190f562
2 changed files with 7 additions and 1 deletions
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@ -20,7 +20,7 @@ import (

 var (
 	namePattern            = regexp.MustCompile("(?i)^[A-Z_][A-Z0-9_]*$")
-	forbiddenPrefixPattern = regexp.MustCompile("(?i)^FORGEJO_|GITEA_|GITHUB_")
+	forbiddenPrefixPattern = regexp.MustCompile("(?i)^(FORGEJO_|GITEA_|GITHUB_|[0-9])")

 	ErrInvalidName = util.NewInvalidArgumentErrorf("invalid secret name")
 )
--- a/models/secret/secret_test.go
+++ b/models/secret/secret_test.go
@ -257,12 +257,18 @@ func TestSecretValidateName(t *testing.T) {
 		valid bool
 	}{
 		{"FORGEJO_", false},
+		{"PRE_FORGEJO_", true},
+		{"PRE_FORGEJO_SUF", true},
 		{"FORGEJO_123", false},
 		{"FORGEJO_ABC", false},
 		{"GITEA_", false},
+		{"PRE_GITEA_", true},
+		{"PRE_GITEA_SUF", true},
 		{"GITEA_123", false},
 		{"GITEA_ABC", false},
 		{"GITHUB_", false},
+		{"PRE_GITHUB_", true},
+		{"PRE_GITHUB_SUF", true},
 		{"GITHUB_123", false},
 		{"GITHUB_ABC", false},
 		{"123_TEST", false},