aboutsummaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-12-16 17:40:18 +0000
committerGitHub <noreply@github.com>2021-12-16 17:40:18 +0000
commit6e7d28cf3aef9e91c435f841ec217bff5c750b87 (patch)
tree5889ba550874f0b6fd61674664809915152a0371 /modules
parente0e3ba6c12c4094dfb1ff0dc5f290214cf9bfe54 (diff)
downloadgitea-6e7d28cf3aef9e91c435f841ec217bff5c750b87.tar.gz
gitea-6e7d28cf3aef9e91c435f841ec217bff5c750b87.zip
Prevent double decoding of % in url params (#17997)
There was an unfortunate regression in #14293 which has led to the double decoding of url parameter elements if they contain a '%'. This is due to an issue with the way chi decodes its RoutePath. In detail the problem lies in mux.go where the routeHTTP path uses the URL.RawPath or even the URL.Path instead of the escaped path to do routing. This PR simply forcibly sets the routePath to that of the EscapedPath. Fix #17938 Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules')
-rw-r--r--modules/context/context.go4
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/context/context.go b/modules/context/context.go
index 88cf498f82..94e1f6cfff 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -609,6 +609,10 @@ func Contexter() func(next http.Handler) http.Handler {
var locale = middleware.Locale(resp, req)
var startTime = time.Now()
var link = setting.AppSubURL + strings.TrimSuffix(req.URL.EscapedPath(), "/")
+
+ chiCtx := chi.RouteContext(req.Context())
+ chiCtx.RoutePath = req.URL.EscapedPath()
+
var ctx = Context{
Resp: NewResponse(resp),
Cache: mc.GetCache(),
38'>38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
/*
@VaadinApache2LicenseForJavaFiles@
 */

package com.vaadin.ui;

import com.vaadin.terminal.Resource;

/**
 * The Audio component translates into an HTML5 &lt;audio&gt; element and as
 * such is only supported in browsers that support HTML5 media markup. Browsers
 * that do not support HTML5 display the text or HTML set by calling
 * {@link #setAltText(String)}.
 * 
 * A flash-player fallback can be implemented by setting HTML content allowed (
 * {@link #setHtmlContentAllowed(boolean)} and calling
 * {@link #setAltText(String)} with the flash player markup. An example of flash
 * fallback can be found at the <a href=
 * "https://developer.mozilla.org/En/Using_audio_and_video_in_Firefox#Using_Flash"
 * >Mozilla Developer Network</a>.
 * 
 * Multiple sources can be specified. Which of the sources is used is selected
 * by the browser depending on which file formats it supports. See <a
 * href="http://en.wikipedia.org/wiki/HTML5_video#Table">wikipedia</a> for a
 * table of formats supported by different browsers.
 * 
 * @author Vaadin Ltd
 * @since 6.7.0
 */
public class Audio extends AbstractMedia {

    public Audio() {
        this("", null);
    }

    /**
     * @param caption
     *            The caption of the audio component.
     */
    public Audio(String caption) {
        this(caption, null);
    }

    /**
     * @param caption
     *            The caption of the audio component
     * @param source
     *            The audio file to play.
     */
    public Audio(String caption, Resource source) {
        setCaption(caption);
        setSource(source);
        setShowControls(true);
    }
}