diff options
| author | zeripath <art27@cantab.net> | 2021-12-24 16:50:49 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-25 00:50:49 +0800 |
| commit | 16adaaeaa3d6ebe19e203e5626120ed1cd4fea6c (patch) | |
| tree | 7a95791e32336c53bfe75544b5dac4e6b31cc800 /routers | |
| parent | 26070eb818a09e7123c178434e73c9def88ea8e7 (diff) | |
| download | gitea-16adaaeaa3d6ebe19e203e5626120ed1cd4fea6c.tar.gz gitea-16adaaeaa3d6ebe19e203e5626120ed1cd4fea6c.zip | |
Instead of using routerCtx just escape the url before routing (#18086)
A consequence of forcibly setting the RoutePath to the escaped url is that the
auto routing to endpoints without terminal slashes fails (Causing #18060.) This
failure raises the possibility that forcibly setting the RoutePath causes other
unexpected behaviors too.
Therefore, instead we should simply pre-escape the URL in the process registering
handler. Then the request URL will be properly escaped for all the following calls.
Fix #17938
Fix #18060
Replace #18062
Replace #17997
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/common/middleware.go | 3 | ||||
| -rw-r--r-- | routers/web/web.go | 5 |
2 files changed, 3 insertions, 5 deletions
diff --git a/routers/common/middleware.go b/routers/common/middleware.go index 7da05d2ae4..3f535628aa 100644 --- a/routers/common/middleware.go +++ b/routers/common/middleware.go @@ -23,6 +23,9 @@ func Middlewares() []func(http.Handler) http.Handler { var handlers = []func(http.Handler) http.Handler{ func(next http.Handler) http.Handler { return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { + // First of all escape the URL RawPath to ensure that all routing is done using a correctly escaped URL + req.URL.RawPath = req.URL.EscapedPath() + ctx, _, finished := process.GetManager().AddContext(req.Context(), fmt.Sprintf("%s: %s", req.Method, req.RequestURI)) defer finished() next.ServeHTTP(context.NewResponse(resp), req.WithContext(ctx)) diff --git a/routers/web/web.go b/routers/web/web.go index ebd0995df8..23daeb601f 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -1079,11 +1079,6 @@ func RegisterRoutes(m *web.Route) { m.Get("/swagger.v1.json", SwaggerV1Json) } m.NotFound(func(w http.ResponseWriter, req *http.Request) { - escapedPath := req.URL.EscapedPath() - if len(escapedPath) > 1 && escapedPath[len(escapedPath)-1] == '/' { - http.Redirect(w, req, setting.AppSubURL+escapedPath[:len(escapedPath)-1], http.StatusTemporaryRedirect) - return - } ctx := context.GetContext(req) ctx.NotFound("", nil) }) |