Diffstat (limited to 'modules')
-rw-r--r-- | modules/context/auth.go | 8 | ||||
-rw-r--r-- | modules/context/context.go | 3 | ||||
-rw-r--r-- | modules/context/repo.go | 2 | ||||
-rw-r--r-- | modules/private/branch.go | 4 | ||||
-rw-r--r-- | modules/util/url.go | 59 | ||||
-rw-r--r-- | modules/util/util.go | 40 |
6 files changed, 67 insertions, 49 deletions
diff --git a/modules/context/auth.go b/modules/context/auth.go
index 9d9bd81c75..ca897de6ed 100644
--- a/modules/context/auth.go
+++ b/modules/context/auth.go
@@ -5,8 +5,6 @@ package context import ( - "net/url" - "code.gitea.io/gitea/modules/auth" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting"
@@ -48,7 +46,7 @@ func Toggle(options *ToggleOptions) macaron.Handler { if ctx.Req.URL.Path != "/user/settings/change_password" { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" - ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL) + ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL) ctx.Redirect(setting.AppSubURL + "/user/settings/change_password") return }
@@ -82,7 +80,7 @@ func Toggle(options *ToggleOptions) macaron.Handler { return } - ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL) + ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL) ctx.Redirect(setting.AppSubURL + "/user/login") return } else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
@@ -95,7 +93,7 @@ func Toggle(options *ToggleOptions) macaron.Handler { // Redirect to log in page if auto-signin info is provided and has not signed in. if !options.SignOutRequired && !ctx.IsSigned && !auth.IsAPIPath(ctx.Req.URL.Path) && len(ctx.GetCookie(setting.CookieUserName)) > 0 { - ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL) + ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL) ctx.Redirect(setting.AppSubURL + "/user/login") return }
diff --git a/modules/context/context.go b/modules/context/context.go
index 5d4a2cad54..5c7254de22 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
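Review bot: In the `@@ -48,7 +46,7 @@` hunk of `Toggle` (and identically in the `-82,7` and `-95,7` hunks) the `redirect_to` cookie now stores `setting.AppSubURL+ctx.Req.RequestURI` with no encoding at the call site, so correctness depends on `ctx.SetCookie` encoding the value itself, which this diff does not show. `RequestURI` is the client's request target verbatim, so the handler that later reads `redirect_to` should decode it exactly once and refuse anything that is not a local path (for example via `util.IsExternalURL`) before calling `ctx.Redirect`; that reader is outside these hunks. Since the same statement now appears three times, a small helper carrying a comment such as `// redirect_to holds a client-supplied URI; the login handler must validate it before redirecting` would keep the three sites in step. `Toggle`'s body starts and ends outside all three hunks.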
@@ -19,6 +19,7 @@ import ( "code.gitea.io/gitea/modules/base" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" "github.com/Unknwon/com" "github.com/go-macaron/cache" "github.com/go-macaron/csrf"
@@ -211,7 +212,7 @@ func Contexter() macaron.Handler { if err == nil && len(repo.DefaultBranch) > 0 { branchName = repo.DefaultBranch } - prefix := setting.AppURL + path.Join(url.QueryEscape(ownerName), url.QueryEscape(repoName), "src", "branch", branchName) + prefix := setting.AppURL + path.Join(url.PathEscape(ownerName), url.PathEscape(repoName), "src", "branch", util.PathEscapeSegments(branchName)) c.Header().Set("Content-Type", "text/html") c.WriteHeader(http.StatusOK) c.Write([]byte(com.Expand(`<!doctype html>
diff --git a/modules/context/repo.go b/modules/context/repo.go
index 8f2622fa82..e0ee802f7d 100644
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -172,7 +172,7 @@ func RetrieveBaseRepo(ctx *Context, repo *models.Repository) { // ComposeGoGetImport returns go-get-import meta content. func ComposeGoGetImport(owner, repo string) string { - return path.Join(setting.Domain, setting.AppSubURL, url.QueryEscape(owner), url.QueryEscape(repo)) + return path.Join(setting.Domain, setting.AppSubURL, url.PathEscape(owner), url.PathEscape(repo)) } // EarlyResponseForGoGetMeta responses appropriate go-get meta with status 200
diff --git a/modules/private/branch.go b/modules/private/branch.go
index b6b119e871..bbd0d4b697 100644
--- a/modules/private/branch.go
+++ b/modules/private/branch.go
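Review bot: `prefix` in the `Contexter` hunk is expanded into the HTML document written by `c.Write` on the following lines, yet the only encoding applied to the request-derived `ownerName`/`repoName` and to `branchName` is URL path escaping. `url.PathEscape` leaves characters such as `&` untouched, so the value should additionally pass through `html.EscapeString(prefix)` (or the page should be rendered with `html/template`) rather than relying on URL escaping for the HTML context; the template body lies outside the hunk, so where exactly the value lands is not visible. Separately, `path.Join` runs after escaping and still collapses `.` and `..` segments, which `PathEscape` does not encode, so both this line and `ComposeGoGetImport` in `modules/context/repo.go` depend on owner and repository names having been validated before they reach this code.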
@@ -7,17 +7,17 @@ package private import ( "encoding/json" "fmt" - "net/url" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/util" ) // GetProtectedBranchBy get protected branch information func GetProtectedBranchBy(repoID int64, branchName string) (*models.ProtectedBranch, error) { // Ask for running deliver hook and test pull request tasks. - reqURL := setting.LocalURL + fmt.Sprintf("api/internal/branch/%d/%s", repoID, url.PathEscape(branchName)) + reqURL := setting.LocalURL + fmt.Sprintf("api/internal/branch/%d/%s", repoID, util.PathEscapeSegments(branchName)) log.GitLogger.Trace("GetProtectedBranchBy: %s", reqURL) resp, err := newInternalRequest(reqURL, "GET").Response()
diff --git a/modules/util/url.go b/modules/util/url.go
new file mode 100644
index 0000000000..381e8b935b
--- /dev/null
+++ b/modules/util/url.go
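Review bot: `GetProtectedBranchBy` now sends the branch name with its `/` characters unescaped, so `api/internal/branch/%d/%s` can expand to more than one path segment after the repository ID. The internal route has to capture the whole remainder of the path and hand it to the handler as a single branch name, and that route is not part of this diff; if it does not match, this lookup presumably returns an error, and callers enforcing branch protection should treat that error as a denial rather than as "not protected". A comment above `reqURL` such as `// branch names may contain '/'; the internal route must match the full tail` would record the dependency. The function body continues past the end of the hunk.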
@@ -0,0 +1,59 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package util
+
+import (
+ "net/url"
+ "path"
+ "strings"
+
+ "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/setting"
+)
+
+// PathEscapeSegments escapes segments of a path while not escaping forward slash
+func PathEscapeSegments(path string) string {
+ slice := strings.Split(path, "/")
+ for index := range slice {
+ slice[index] = url.PathEscape(slice[index])
+ }
+ escapedPath := strings.Join(slice, "/")
+ return escapedPath
+}
+
+// URLJoin joins url components, like path.Join, but preserving contents
+func URLJoin(base string, elems ...string) string {
+ if !strings.HasSuffix(base, "/") {
+ base += "/"
+ }
+ baseURL, err := url.Parse(base)
+ if err != nil {
+ log.Error(4, "URLJoin: Invalid base URL %s", base)
+ return ""
+ }
+ joinedPath := path.Join(elems...)
+ argURL, err := url.Parse(joinedPath)
+ if err != nil {
+ log.Error(4, "URLJoin: Invalid arg %s", joinedPath)
+ return ""
+ }
+ joinedURL := baseURL.ResolveReference(argURL).String()
+ if !baseURL.IsAbs() && !strings.HasPrefix(base, "/") {
+ return joinedURL[1:] // Removing leading '/' if needed
+ }
+ return joinedURL
+}
+
+// IsExternalURL checks if rawURL points to an external URL like http://example.com
+func IsExternalURL(rawURL string) bool {
+ parsed, err := url.Parse(rawURL)
+ if err != nil {
+ return true
+ }
+ if len(parsed.Host) != 0 && strings.Replace(parsed.Host, "www.", "", 1) != strings.Replace(setting.Domain, "www.", "", 1) {
+ return true
+ }
+ return false
+}
diff --git a/modules/util/util.go b/modules/util/util.go
index b2067c8df6..4203b5eb51 100644
--- a/modules/util/util.go
+++ b/modules/util/util.go
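Review bot: `IsExternalURL` compares hosts with `strings.Replace(parsed.Host, "www.", "", 1)`, which deletes the first `www.` wherever it occurs in the host rather than only a leading one, so a host that merely contains that substring can compare equal to `setting.Domain` and be classed as internal. Stripping only the prefix and comparing case-insensitively closes that gap: `host := strings.TrimPrefix(strings.ToLower(parsed.Host), "www.")`, the same for `setting.Domain`, then `return len(parsed.Host) != 0 && host != domain`. The function was moved here unchanged from `modules/util/util.go`, so the behaviour predates this commit, but if it is what vets redirect targets (its callers are not shown) the move is a good moment to tighten it. As a smaller style point, the parameter of `PathEscapeSegments` is named `path`, which shadows the imported `path` package inside that function; `p` or `rawPath` would avoid the confusion.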
@@ -5,12 +5,7 @@ package util import ( - "net/url" - "path" "strings" - - "code.gitea.io/gitea/modules/log" - "code.gitea.io/gitea/modules/setting" ) // OptionalBool a boolean that can be "null"
@@ -56,41 +51,6 @@ func Max(a, b int) int { return a } -// URLJoin joins url components, like path.Join, but preserving contents -func URLJoin(base string, elems ...string) string { - if !strings.HasSuffix(base, "/") { - base += "/" - } - baseURL, err := url.Parse(base) - if err != nil { - log.Error(4, "URLJoin: Invalid base URL %s", base) - return "" - } - joinedPath := path.Join(elems...) - argURL, err := url.Parse(joinedPath) - if err != nil { - log.Error(4, "URLJoin: Invalid arg %s", joinedPath) - return "" - } - joinedURL := baseURL.ResolveReference(argURL).String() - if !baseURL.IsAbs() && !strings.HasPrefix(base, "/") { - return joinedURL[1:] // Removing leading '/' if needed - } - return joinedURL -} - -// IsExternalURL checks if rawURL points to an external URL like http://example.com -func IsExternalURL(rawURL string) bool { - parsed, err := url.Parse(rawURL) - if err != nil { - return true - } - if len(parsed.Host) != 0 && strings.Replace(parsed.Host, "www.", "", 1) != strings.Replace(setting.Domain, "www.", "", 1) { - return true - } - return false -} - // Min min of two ints func Min(a, b int) int { if a > b { |