From 21442e8727b4de2ea31f926c947154a06c3c02ca Mon Sep 17 00:00:00 2001
From: Gusted <williamzijl7@hotmail.com>
Date: Sun, 30 Jan 2022 20:52:51 +0100
Subject: [PATCH 1/2] Don't panic & allow shorter sha1

- Don't panic when the full regex isn't matched and allow the usage of a
shorter sha1 being used.
- Resolves #18471
---
 modules/markup/html.go      |  9 ++++++++-
 modules/markup/html_test.go | 13 +++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/modules/markup/html.go b/modules/markup/html.go
index e28e26c6d16d..0407a83c1a0a 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -55,7 +55,7 @@ var (
 	anySHA1Pattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(/[-+~_%.a-zA-Z0-9/]+)?(#[-+~_%.a-zA-Z0-9]+)?`)
 
 	// comparePattern matches "http://domain/org/repo/compare/COMMIT1...COMMIT2#hash"
-	comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{40})(\.\.\.?)([0-9a-f]{40})?(#[-+~_%.a-zA-Z0-9]+)?`)
+	comparePattern = regexp.MustCompile(`https?://(?:\S+/){4,5}([0-9a-f]{7,40})(\.\.\.?)([0-9a-f]{7,40})?(#[-+~_%.a-zA-Z0-9]+)?`)
 
 	validLinksPattern = regexp.MustCompile(`^[a-z][\w-]+://`)
 
@@ -946,6 +946,13 @@ func comparePatternProcessor(ctx *RenderContext, node *html.Node) {
 			return
 		}
 
+		// Check m[0...7] to not be be -1
+		for i := 0; i < 8; i++ {
+			if m[i] == -1 {
+				return
+			}
+		}
+
 		urlFull := node.Data[m[0]:m[1]]
 		text1 := base.ShortSha(node.Data[m[2]:m[3]])
 		textDots := base.ShortSha(node.Data[m[4]:m[5]])
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index ee9b17df2ff1..29bf6c8fcbc6 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -548,3 +548,16 @@ func TestFuzz(t *testing.T) {
 
 	assert.NoError(t, err)
 }
+
+func TestIssue18471(t *testing.T) {
+	data := `http://domain/org/repo/compare/783b039...da951ce`
+
+	var res strings.Builder
+	err := PostProcess(&RenderContext{
+		URLPrefix: "https://example.com",
+		Metas:     localMetas,
+	}, strings.NewReader(data), &res)
+
+	assert.NoError(t, err)
+	assert.Equal(t, res.String(), "<a href=\"http://domain/org/repo/compare/783b039...da951ce\" class=\"compare\"><code class=\"nohighlight\">783b039...da951ce</code></a>")
+}

From 7c23d079e05421fc2d99f5256aa34ff4b9d2425a Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Sun, 30 Jan 2022 20:02:34 +0000
Subject: [PATCH 2/2] Update modules/markup/html.go

---
 modules/markup/html.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/markup/html.go b/modules/markup/html.go
index 0407a83c1a0a..df2a159230d2 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -946,7 +946,7 @@ func comparePatternProcessor(ctx *RenderContext, node *html.Node) {
 			return
 		}
 
-		// Check m[0...7] to not be be -1
+		// Ensure that every group (m[0]...m[7]) has a match
 		for i := 0; i < 8; i++ {
 			if m[i] == -1 {
 				return