diff options
| author | Florian Zschocke <f.zschocke+git@gmail.com> | 2021-10-24 17:55:36 +0200 |
|---|---|---|
| committer | Florian Zschocke <f.zschocke+git@gmail.com> | 2021-10-24 17:55:36 +0200 |
| commit | f1b150b8f3860e9116ecc7a5290e8296ca4fdcb5 (patch) | |
| tree | c74ee7059c87e9f52bc3f4838c2221c50642b965 | |
| parent | 583e15eb3f0f3a565b031dc554b420e28c50baae (diff) | |
| download | gitblit-f1b150b8f3860e9116ecc7a5290e8296ca4fdcb5.tar.gz gitblit-f1b150b8f3860e9116ecc7a5290e8296ca4fdcb5.zip | |
raw: URL encode the links to raw view of files
So far links to raw view were not encoded. The browser did some encoding
of spaces on its own, which the servlet would unescape, since it uses
the `HttpServletRequest.getPathInfo` method. That decodes the path
before returning it.
A problem arises when a bracket is in the file (or folder) name. The
brackets are the characters that are not allowed in the path, according
to the `URI.parse` method. (Which is a bit harsh, because brackets
actually are only reserved for the host part since IPv6.) That means
that the decoding fails when a bracket character is encountered.
This went unnoticed since the failed decoding will return the path
as it got it. But once there is a space in the file name, which the
browser helpfully encoded for us, the failed decoding will now leave the
encoded space in there. And that will result in a path that does not
exist, e.g. `file%20[a]`.
To be on the safe side, we simply encode the path in the links that we
generate, so that it complies with the rules that are used in `getPathInfo`.
This fixes #1375.
| -rw-r--r-- | src/main/java/com/gitblit/servlet/RawServlet.java | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/main/java/com/gitblit/servlet/RawServlet.java b/src/main/java/com/gitblit/servlet/RawServlet.java index 9161eb6a..e2cd2881 100644 --- a/src/main/java/com/gitblit/servlet/RawServlet.java +++ b/src/main/java/com/gitblit/servlet/RawServlet.java @@ -36,6 +36,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.tika.Tika; +import org.apache.wicket.protocol.http.WicketURLEncoder; import org.eclipse.jgit.lib.FileMode; import org.eclipse.jgit.lib.MutableObjectId; import org.eclipse.jgit.lib.ObjectLoader; @@ -121,7 +122,8 @@ public class RawServlet extends HttpServlet { path = path.substring(1); } String encodedPath = path == null ? "" : path.replace('/', fsc); - return baseURL + Constants.RAW_PATH + repository + "/" + (branch == null ? "" : (branch + "/" + encodedPath)); + String fullPath = repository + "/" + (branch == null ? "" : (branch + "/" + encodedPath)); + return baseURL + Constants.RAW_PATH + WicketURLEncoder.FULL_PATH_INSTANCE.encode(fullPath); } |