authorwxiaoguang <wxiaoguang@gmail.com>2023-02-11 14:34:11 +0800
committerGitHub <noreply@github.com>2023-02-11 14:34:11 +0800
commite9288c24773157411edec17c9bbcc8c1567e91ee (patch)
treeb34c730a13ab9a56d14b0fcccf1e136ca0233b68 /routers/web
parent1cb8d14bf71e0b8637c9eaa10808b4fd05139f45 (diff)
Fix improper HTMLURL usages in Go code (#22839)
In Go code, HTMLURL should only be used for external systems, such as API/webhook/mail/notification, etc. If a URL is used by `Redirect` or rendered in a template, it should be a relative URL (aka `Link()` in Gitea).
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'routers/web')
-rw-r--r--routers/web/repo/actions/actions.go2
-rw-r--r--routers/web/repo/issue.go14
-rw-r--r--routers/web/repo/issue_dependency.go4
-rw-r--r--routers/web/repo/issue_lock.go10
-rw-r--r--routers/web/repo/issue_stopwatch.go4
-rw-r--r--routers/web/repo/issue_timetrack.go4
-rw-r--r--routers/web/repo/issue_watch.go2
-rw-r--r--routers/web/repo/pull_review.go2
-rw-r--r--routers/web/repo/release.go2
-rw-r--r--routers/web/repo/repo.go2
-rw-r--r--routers/web/repo/search.go2
-rw-r--r--routers/web/repo/view.go4
-rw-r--r--routers/web/user/package.go2
-rw-r--r--routers/web/user/profile.go2
14 files changed, 28 insertions, 28 deletions
diff --git a/routers/web/repo/actions/actions.go b/routers/web/repo/actions/actions.go
index 146bf27daf..e5496676a9 100644
--- a/routers/web/repo/actions/actions.go
+++ b/routers/web/repo/actions/actions.go
@@ -70,7 +70,7 @@ func List(ctx *context.Context) {
}
ctx.Data["workflows"] = workflows
- ctx.Data["RepoLink"] = ctx.Repo.Repository.HTMLURL()
+ ctx.Data["RepoLink"] = ctx.Repo.Repository.Link()
page := ctx.FormInt("page")
if page <= 0 {
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 2193da5110..3cd29c2b6d 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -100,7 +100,7 @@ func MustAllowUserComment(ctx *context.Context) {
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked"))
- ctx.Redirect(issue.HTMLURL())
+ ctx.Redirect(issue.Link())
return
}
}
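Review bot: With `ctx.Redirect(issue.Link())` the Location value is no longer anchored to the configured site root, so its safety now rests on `Link()` always returning a local path that begins with exactly one `/`. Nothing visible in this diff establishes that; a value starting with `//` or `/\` would be treated by browsers as pointing at another host. I would add a short doc comment on `Link()` stating that contract and a unit test that asserts it for issue, comment, release and repository links, including the case where a sub-URL is configured. The same applies to every other `Redirect(...Link())` hunk in this commit; the body of MustAllowUserComment starts outside this hunk.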
@@ -927,7 +927,7 @@ func NewIssueChooseTemplate(ctx *context.Context) {
if len(issueTemplates) == 0 {
// The "issues/new" and "issues/new/choose" share the same query parameters "project" and "milestone", if no template here, just redirect to the "issues/new" page with these parameters.
- ctx.Redirect(fmt.Sprintf("%s/issues/new?%s", ctx.Repo.Repository.HTMLURL(), ctx.Req.URL.RawQuery), http.StatusSeeOther)
+ ctx.Redirect(fmt.Sprintf("%s/issues/new?%s", ctx.Repo.Repository.Link(), ctx.Req.URL.RawQuery), http.StatusSeeOther)
return
}
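Review bot: The request's raw query string is copied verbatim into the redirect target via `ctx.Req.URL.RawQuery`, so whatever the client sent ends up in the Location header, and an empty query leaves a dangling `?`. Since the comment says only "project" and "milestone" are shared, I would re-encode through the parsed form, e.g. `ctx.Redirect(ctx.Repo.Repository.Link()+"/issues/new?"+ctx.Req.URL.Query().Encode(), http.StatusSeeOther)`, or copy just those two keys. This predates the commit, but it is worth fixing while the line is being touched. NewIssueChooseTemplate continues outside the hunk.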
@@ -950,11 +950,11 @@ func DeleteIssue(ctx *context.Context) {
}
if issue.IsPull {
- ctx.Redirect(fmt.Sprintf("%s/pulls", ctx.Repo.Repository.HTMLURL()), http.StatusSeeOther)
+ ctx.Redirect(fmt.Sprintf("%s/pulls", ctx.Repo.Repository.Link()), http.StatusSeeOther)
return
}
- ctx.Redirect(fmt.Sprintf("%s/issues", ctx.Repo.Repository.HTMLURL()), http.StatusSeeOther)
+ ctx.Redirect(fmt.Sprintf("%s/issues", ctx.Repo.Repository.Link()), http.StatusSeeOther)
}
// ValidateRepoMetas check and returns repository's meta information
@@ -1425,7 +1425,7 @@ func ViewIssue(ctx *context.Context) {
return
}
// Add link to the issue of the already running stopwatch
- ctx.Data["OtherStopwatchURL"] = otherIssue.HTMLURL()
+ ctx.Data["OtherStopwatchURL"] = otherIssue.Link()
}
}
ctx.Data["CanUseTimetracker"] = ctx.Repo.CanUseTimetracker(issue, ctx.Doer)
@@ -2658,7 +2658,7 @@ func NewComment(ctx *context.Context) {
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked"))
- ctx.Redirect(issue.HTMLURL())
+ ctx.Redirect(issue.Link())
return
}
@@ -2669,7 +2669,7 @@ func NewComment(ctx *context.Context) {
if ctx.HasError() {
ctx.Flash.Error(ctx.Data["ErrorMsg"].(string))
- ctx.Redirect(issue.HTMLURL())
+ ctx.Redirect(issue.Link())
return
}
diff --git a/routers/web/repo/issue_dependency.go b/routers/web/repo/issue_dependency.go
index 41c127be91..365d9609d6 100644
--- a/routers/web/repo/issue_dependency.go
+++ b/routers/web/repo/issue_dependency.go
@@ -34,7 +34,7 @@ func AddDependency(ctx *context.Context) {
}
// Redirect
- defer ctx.Redirect(issue.HTMLURL())
+ defer ctx.Redirect(issue.Link())
// Dependency
dep, err := issues_model.GetIssueByID(ctx, depID)
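Review bot: The `// Redirect` comment above `defer ctx.Redirect(issue.Link())` does not explain why the redirect is deferred. The argument is evaluated at this line and the redirect then runs on every return path of AddDependency, including the error returns further down (outside this hunk). If that is intended, say so, for example `// Always send the user back to the issue page; failures below are reported via flash messages.` If any later path writes its own response (a ServerError, for instance), the deferred redirect would run after it, so that is worth checking in the part of the function not shown here.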
@@ -124,5 +124,5 @@ func RemoveDependency(ctx *context.Context) {
}
// Redirect
- ctx.Redirect(issue.HTMLURL())
+ ctx.Redirect(issue.Link())
}
diff --git a/routers/web/repo/issue_lock.go b/routers/web/repo/issue_lock.go
index 10db968a21..08b76e555f 100644
--- a/routers/web/repo/issue_lock.go
+++ b/routers/web/repo/issue_lock.go
@@ -21,13 +21,13 @@ func LockIssue(ctx *context.Context) {
if issue.IsLocked {
ctx.Flash.Error(ctx.Tr("repo.issues.lock_duplicate"))
- ctx.Redirect(issue.HTMLURL())
+ ctx.Redirect(issue.Link())
return
}
if !form.HasValidReason() {
ctx.Flash.Error(ctx.Tr("repo.issues.lock.unknown_reason"))
- ctx.Redirect(issue.HTMLURL())
+ ctx.Redirect(issue.Link())
return
}
@@ -40,7 +40,7 @@ func LockIssue(ctx *context.Context) {
return
}
- ctx.Redirect(issue.HTMLURL())
+ ctx.Redirect(issue.Link())
}
// UnlockIssue unlocks a previously locked issue.
@@ -52,7 +52,7 @@ func UnlockIssue(ctx *context.Context) {
if !issue.IsLocked {
ctx.Flash.Error(ctx.Tr("repo.issues.unlock_error"))
- ctx.Redirect(issue.HTMLURL())
+ ctx.Redirect(issue.Link())
return
}
@@ -64,5 +64,5 @@ func UnlockIssue(ctx *context.Context) {
return
}
- ctx.Redirect(issue.HTMLURL())
+ ctx.Redirect(issue.Link())
}
diff --git a/routers/web/repo/issue_stopwatch.go b/routers/web/repo/issue_stopwatch.go
index d2a7a12a1f..3d20b08b49 100644
--- a/routers/web/repo/issue_stopwatch.go
+++ b/routers/web/repo/issue_stopwatch.go
@@ -40,7 +40,7 @@ func IssueStopwatch(c *context.Context) {
c.Flash.Success(c.Tr("repo.issues.tracker_auto_close"))
}
- url := issue.HTMLURL()
+ url := issue.Link()
c.Redirect(url, http.StatusSeeOther)
}
@@ -72,7 +72,7 @@ func CancelStopwatch(c *context.Context) {
})
}
- url := issue.HTMLURL()
+ url := issue.Link()
c.Redirect(url, http.StatusSeeOther)
}
diff --git a/routers/web/repo/issue_timetrack.go b/routers/web/repo/issue_timetrack.go
index 6e9d3673cf..7dc7d0797d 100644
--- a/routers/web/repo/issue_timetrack.go
+++ b/routers/web/repo/issue_timetrack.go
@@ -26,7 +26,7 @@ func AddTimeManually(c *context.Context) {
c.NotFound("CanUseTimetracker", nil)
return
}
- url := issue.HTMLURL()
+ url := issue.Link()
if c.HasError() {
c.Flash.Error(c.GetErrMsg())
@@ -83,5 +83,5 @@ func DeleteTime(c *context.Context) {
}
c.Flash.Success(c.Tr("repo.issues.del_time_history", util.SecToTime(t.Time)))
- c.Redirect(issue.HTMLURL())
+ c.Redirect(issue.Link())
}
diff --git a/routers/web/repo/issue_watch.go b/routers/web/repo/issue_watch.go
index c23dbf0622..1837c2b632 100644
--- a/routers/web/repo/issue_watch.go
+++ b/routers/web/repo/issue_watch.go
@@ -52,5 +52,5 @@ func IssueWatch(ctx *context.Context) {
return
}
- ctx.Redirect(issue.HTMLURL())
+ ctx.Redirect(issue.Link())
}
diff --git a/routers/web/repo/pull_review.go b/routers/web/repo/pull_review.go
index 9f4cdde864..d43a786c56 100644
--- a/routers/web/repo/pull_review.go
+++ b/routers/web/repo/pull_review.go
@@ -98,7 +98,7 @@ func CreateCodeComment(ctx *context.Context) {
renderConversation(ctx, comment)
return
}
- ctx.Redirect(comment.HTMLURL())
+ ctx.Redirect(comment.Link())
}
// UpdateResolveConversation add or remove an Conversation resolved mark
diff --git a/routers/web/repo/release.go b/routers/web/repo/release.go
index 5204b5fd00..e969fdc5ab 100644
--- a/routers/web/repo/release.go
+++ b/routers/web/repo/release.go
@@ -295,7 +295,7 @@ func LatestRelease(ctx *context.Context) {
return
}
- ctx.Redirect(release.HTMLURL())
+ ctx.Redirect(release.Link())
}
// NewRelease render creating or edit release page
diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go
index 0a51dfa733..9f2add1fe6 100644
--- a/routers/web/repo/repo.go
+++ b/routers/web/repo/repo.go
@@ -344,7 +344,7 @@ func acceptOrRejectRepoTransfer(ctx *context.Context, accept bool) error {
ctx.Flash.Success(ctx.Tr("repo.settings.transfer.rejected"))
}
- ctx.Redirect(ctx.Repo.Repository.HTMLURL())
+ ctx.Redirect(ctx.Repo.Repository.Link())
return nil
}
diff --git a/routers/web/repo/search.go b/routers/web/repo/search.go
index 137f38d409..a043198472 100644
--- a/routers/web/repo/search.go
+++ b/routers/web/repo/search.go
@@ -54,7 +54,7 @@ func Search(ctx *context.Context) {
ctx.Data["CodeIndexerUnavailable"] = !code_indexer.IsAvailable()
}
- ctx.Data["SourcePath"] = ctx.Repo.Repository.HTMLURL()
+ ctx.Data["SourcePath"] = ctx.Repo.Repository.Link()
ctx.Data["SearchResults"] = searchResults
ctx.Data["SearchResultLanguages"] = searchResultLanguages
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index f314902374..70f2a941be 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -318,7 +318,7 @@ func renderReadmeFile(ctx *context.Context, readmeFile *namedBlob, readmeTreelin
if fInfo.isLFSFile {
filenameBase64 := base64.RawURLEncoding.EncodeToString([]byte(readmeFile.name))
- ctx.Data["RawFileLink"] = fmt.Sprintf("%s.git/info/lfs/objects/%s/%s", ctx.Repo.Repository.HTMLURL(), url.PathEscape(fInfo.lfsMeta.Oid), url.PathEscape(filenameBase64))
+ ctx.Data["RawFileLink"] = fmt.Sprintf("%s.git/info/lfs/objects/%s/%s", ctx.Repo.Repository.Link(), url.PathEscape(fInfo.lfsMeta.Oid), url.PathEscape(filenameBase64))
}
if !fInfo.isTextFile {
@@ -738,7 +738,7 @@ func Home(ctx *context.Context) {
}
ctx.Data["EnableFeed"] = true
- ctx.Data["FeedURL"] = ctx.Repo.Repository.HTMLURL()
+ ctx.Data["FeedURL"] = ctx.Repo.Repository.Link()
}
checkHomeCodeViewable(ctx)
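Review bot: `ctx.Data["FeedURL"]` is now a relative path here, and also in the Profile hunk in routers/web/user/profile.go, where the comment says the value is advertised through a meta tag. Browsers resolve a relative href against the page, but feed autodiscovery is also consumed by external readers, which by the commit's own rule ("HTMLURL should be only used for external systems") suggests an absolute URL. The template is not part of this diff, so this is an inference. If the relative form is deliberate, a comment such as `// relative link: resolved against the page URL by the client` would record the decision; otherwise keep `HTMLURL()` for this one key.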
diff --git a/routers/web/user/package.go b/routers/web/user/package.go
index ed4f0dd797..a9acc5281f 100644
--- a/routers/web/user/package.go
+++ b/routers/web/user/package.go
@@ -376,7 +376,7 @@ func PackageSettingsPost(ctx *context.Context) {
ctx.Flash.Success(ctx.Tr("packages.settings.delete.success"))
}
- ctx.Redirect(ctx.Package.Owner.HTMLURL() + "/-/packages")
+ ctx.Redirect(ctx.Package.Owner.HomeLink() + "/-/packages")
return
}
}
diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index 0e342991d6..4f0a816569 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -47,7 +47,7 @@ func Profile(ctx *context.Context) {
}
// advertise feed via meta tag
- ctx.Data["FeedURL"] = ctx.ContextUser.HTMLURL()
+ ctx.Data["FeedURL"] = ctx.ContextUser.HomeLink()
// Show OpenID URIs
openIDs, err := user_model.GetUserOpenIDs(ctx.ContextUser.ID)