diff options
| author | zeripath <art27@cantab.net> | 2021-02-28 12:29:22 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-02-28 12:29:22 +0000 |
| commit | cf29cb30d321204eeddc7c628240a197757ba1b1 (patch) | |
| tree | a58a87fa07fb91ae467d48ac783e94d963d3bb6a | |
| parent | 2e8ce1eaed8f3dcf4c812c7408a851f91abfb76c (diff) | |
| download | gitea-cf29cb30d321204eeddc7c628240a197757ba1b1.tar.gz gitea-cf29cb30d321204eeddc7c628240a197757ba1b1.zip | |
Prevent use of double sub-path and incorrect asset path in manifest (#14827)
MakeAbsoluteAssetURL should just url join the static url prefix on to appurl
if it is not an absolute path - this is because StaticURLPrefix is an absolute
prefix not a relative prefix to the app sub url.
Fix #14422
Signed-off-by: Andrew Thornton <art27@cantab.net>
| -rw-r--r-- | modules/setting/setting.go | 2 | ||||
| -rw-r--r-- | modules/setting/setting_test.go | 9 |
2 files changed, 7 insertions, 4 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 783e440da1..cca7f46f14 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -1090,7 +1090,7 @@ func MakeAbsoluteAssetURL(appURL string, staticURLPrefix string) string { } // StaticURLPrefix is just a path - return strings.TrimSuffix(appURL, "/") + strings.TrimSuffix(staticURLPrefix, "/") + return util.URLJoin(appURL, strings.TrimSuffix(staticURLPrefix, "/")) } return strings.TrimSuffix(staticURLPrefix, "/") diff --git a/modules/setting/setting_test.go b/modules/setting/setting_test.go index f12fd8843a..7dd3d3bba9 100644 --- a/modules/setting/setting_test.go +++ b/modules/setting/setting_test.go @@ -18,9 +18,12 @@ func TestMakeAbsoluteAssetURL(t *testing.T) { assert.Equal(t, "https://localhost:1234/foo", MakeAbsoluteAssetURL("https://localhost:1234", "/foo")) assert.Equal(t, "https://localhost:1234/foo", MakeAbsoluteAssetURL("https://localhost:1234/", "/foo")) assert.Equal(t, "https://localhost:1234/foo", MakeAbsoluteAssetURL("https://localhost:1234/", "/foo/")) - assert.Equal(t, "https://localhost:1234/foo/bar", MakeAbsoluteAssetURL("https://localhost:1234/foo", "/bar")) - assert.Equal(t, "https://localhost:1234/foo/bar", MakeAbsoluteAssetURL("https://localhost:1234/foo/", "/bar")) - assert.Equal(t, "https://localhost:1234/foo/bar", MakeAbsoluteAssetURL("https://localhost:1234/foo/", "/bar/")) + assert.Equal(t, "https://localhost:1234/foo", MakeAbsoluteAssetURL("https://localhost:1234/foo", "/foo")) + assert.Equal(t, "https://localhost:1234/foo", MakeAbsoluteAssetURL("https://localhost:1234/foo/", "/foo")) + assert.Equal(t, "https://localhost:1234/foo", MakeAbsoluteAssetURL("https://localhost:1234/foo/", "/foo/")) + assert.Equal(t, "https://localhost:1234/bar", MakeAbsoluteAssetURL("https://localhost:1234/foo", "/bar")) + assert.Equal(t, "https://localhost:1234/bar", MakeAbsoluteAssetURL("https://localhost:1234/foo/", "/bar")) + assert.Equal(t, "https://localhost:1234/bar", MakeAbsoluteAssetURL("https://localhost:1234/foo/", "/bar/")) } func TestMakeManifestData(t *testing.T) { |