authorwxiaoguang <wxiaoguang@gmail.com>2023-09-01 20:01:36 +0800
committerGitHub <noreply@github.com>2023-09-01 12:01:36 +0000
commitf01bed2443c32b8017a8dc31ca0161bd76bf3251 (patch)
tree8fc33df0db6fa0fc374db5e09e728f9bab7589cf /modules
parente8aae43f56fedd6f7b04affd378c2c4ed2af9d78 (diff)
Avoid double-unescaping of form value (#26853)
1. The old `prepareQueryArg` did double-unescaping of form value. 2. By the way, remove the unnecessary `ctx.Flash = ...` in `MockContext`. Co-authored-by: Giteabot <teabot@gitea.io>
Diffstat (limited to 'modules')
-rw-r--r--modules/context/utils.go25
-rw-r--r--modules/contexttest/context_tests.go1
2 files changed, 4 insertions, 22 deletions
diff --git a/modules/context/utils.go b/modules/context/utils.go
index c0f619aa23..293750fee1 100644
--- a/modules/context/utils.go
+++ b/modules/context/utils.go
@@ -4,29 +4,18 @@
package context
import (
- "net/url"
"strings"
"time"
)
// GetQueryBeforeSince return parsed time (unix format) from URL query's before and since
func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
- qCreatedBefore, err := prepareQueryArg(ctx, "before")
+ before, err = parseFormTime(ctx, "before")
if err != nil {
return 0, 0, err
}
- qCreatedSince, err := prepareQueryArg(ctx, "since")
- if err != nil {
- return 0, 0, err
- }
-
- before, err = parseTime(qCreatedBefore)
- if err != nil {
- return 0, 0, err
- }
-
- since, err = parseTime(qCreatedSince)
+ since, err = parseFormTime(ctx, "since")
if err != nil {
return 0, 0, err
}
@@ -34,7 +23,8 @@ func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
}
// parseTime parse time and return unix timestamp
-func parseTime(value string) (int64, error) {
+func parseFormTime(ctx *Base, name string) (int64, error) {
+ value := strings.TrimSpace(ctx.FormString(name))
if len(value) != 0 {
t, err := time.Parse(time.RFC3339, value)
if err != nil {
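Review bot: The doc comment kept above `parseFormTime` still reads `// parseTime parse time and return unix timestamp`, so it names a function that no longer exists and does not say where the value comes from. Going by the commit message, `ctx.FormString` already returns a decoded value, and that invariant is worth recording on the helper: `// parseFormTime reads the already-decoded form value name and parses it as RFC3339 into a unix timestamp; do not unescape it again`. Stating it here guards against a later edit reintroducing a second decoding pass, after which doubly-encoded input would be interpreted differently from what any earlier check on the request saw. The body of `parseFormTime` continues past the end of this hunk, so the error path of `time.Parse` is not visible here.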
@@ -46,10 +36,3 @@ func parseTime(value string) (int64, error) {
}
return 0, nil
}
-
-// prepareQueryArg unescape and trim a query arg
-func prepareQueryArg(ctx *Base, name string) (value string, err error) {
- value, err = url.PathUnescape(ctx.FormString(name))
- value = strings.TrimSpace(value)
- return value, err
-}
diff --git a/modules/contexttest/context_tests.go b/modules/contexttest/context_tests.go
index f8fb0859e3..ea91bc5001 100644
--- a/modules/contexttest/context_tests.go
+++ b/modules/contexttest/context_tests.go
@@ -50,7 +50,6 @@ func MockContext(t *testing.T, reqPath string) (*context.Context, *httptest.Resp
base.Locale = &translation.MockLocale{}
ctx := context.NewWebContext(base, &MockRender{}, nil)
- ctx.Flash = &middleware.Flash{Values: url.Values{}}
chiCtx := chi.NewRouteContext()
ctx.Base.AppendContextValue(chi.RouteCtxKey, chiCtx)