summaryrefslogtreecommitdiffstats
path: root/modules/private
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2019-03-11 22:53:41 +0000
committerLauris BH <lauris@nix.lv>2019-03-12 00:53:41 +0200
commit663874e8bee253dcaa95b03adb519c5685774351 (patch)
treeec39adca75ce0f7f6516cfee91969ddbd2856fd0 /modules/private
parent50631b5ac3ea06e167eca42c564ff4d89568ae99 (diff)
downloadgitea-663874e8bee253dcaa95b03adb519c5685774351.tar.gz
gitea-663874e8bee253dcaa95b03adb519c5685774351.zip
Use url.PathEscape to escape the branchname (#6304)
* Use url.PathEscape to escape the branchname * GetRepositoryByOwnerAndName should also have url.PathEscape as the owner and reponame are provided by the client
Diffstat (limited to 'modules/private')
-rw-r--r--modules/private/branch.go3
-rw-r--r--modules/private/internal.go3
2 files changed, 4 insertions, 2 deletions
diff --git a/modules/private/branch.go b/modules/private/branch.go
index cadbf6c88c..b6b119e871 100644
--- a/modules/private/branch.go
+++ b/modules/private/branch.go
@@ -7,6 +7,7 @@ package private
import (
"encoding/json"
"fmt"
+ "net/url"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/log"
@@ -16,7 +17,7 @@ import (
// GetProtectedBranchBy get protected branch information
func GetProtectedBranchBy(repoID int64, branchName string) (*models.ProtectedBranch, error) {
// Ask for running deliver hook and test pull request tasks.
- reqURL := setting.LocalURL + fmt.Sprintf("api/internal/branch/%d/%s", repoID, branchName)
+ reqURL := setting.LocalURL + fmt.Sprintf("api/internal/branch/%d/%s", repoID, url.PathEscape(branchName))
log.GitLogger.Trace("GetProtectedBranchBy: %s", reqURL)
resp, err := newInternalRequest(reqURL, "GET").Response()
diff --git a/modules/private/internal.go b/modules/private/internal.go
index b1c868b40f..56852ce63c 100644
--- a/modules/private/internal.go
+++ b/modules/private/internal.go
@@ -10,6 +10,7 @@ import (
"fmt"
"net"
"net/http"
+ "net/url"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/httplib"
@@ -76,7 +77,7 @@ func CheckUnitUser(userID, repoID int64, isAdmin bool, unitType models.UnitType)
// GetRepositoryByOwnerAndName returns the repository by given ownername and reponame.
func GetRepositoryByOwnerAndName(ownerName, repoName string) (*models.Repository, error) {
- reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repo/%s/%s", ownerName, repoName)
+ reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repo/%s/%s", url.PathEscape(ownerName), url.PathEscape(repoName))
log.GitLogger.Trace("GetRepositoryByOwnerAndName: %s", reqURL)
resp, err := newInternalRequest(reqURL, "GET").Response()