From 663874e8bee253dcaa95b03adb519c5685774351 Mon Sep 17 00:00:00 2001 From: zeripath Date: Mon, 11 Mar 2019 22:53:41 +0000 Subject: Use url.PathEscape to escape the branchname (#6304) * Use url.PathEscape to escape the branchname * GetRepositoryByOwnerAndName should also have url.PathEscape as the owner and reponame are provided by the client --- modules/private/branch.go | 3 ++- modules/private/internal.go | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/private/branch.go b/modules/private/branch.go index cadbf6c88c..b6b119e871 100644 --- a/modules/private/branch.go +++ b/modules/private/branch.go @@ -7,6 +7,7 @@ package private import ( "encoding/json" "fmt" + "net/url" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/log" @@ -16,7 +17,7 @@ import ( // GetProtectedBranchBy get protected branch information func GetProtectedBranchBy(repoID int64, branchName string) (*models.ProtectedBranch, error) { // Ask for running deliver hook and test pull request tasks. - reqURL := setting.LocalURL + fmt.Sprintf("api/internal/branch/%d/%s", repoID, branchName) + reqURL := setting.LocalURL + fmt.Sprintf("api/internal/branch/%d/%s", repoID, url.PathEscape(branchName)) log.GitLogger.Trace("GetProtectedBranchBy: %s", reqURL) resp, err := newInternalRequest(reqURL, "GET").Response() diff --git a/modules/private/internal.go b/modules/private/internal.go index b1c868b40f..56852ce63c 100644 --- a/modules/private/internal.go +++ b/modules/private/internal.go @@ -10,6 +10,7 @@ import ( "fmt" "net" "net/http" + "net/url" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/httplib" @@ -76,7 +77,7 @@ func CheckUnitUser(userID, repoID int64, isAdmin bool, unitType models.UnitType) // GetRepositoryByOwnerAndName returns the repository by given ownername and reponame. func GetRepositoryByOwnerAndName(ownerName, repoName string) (*models.Repository, error) { - reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repo/%s/%s", ownerName, repoName) + reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repo/%s/%s", url.PathEscape(ownerName), url.PathEscape(repoName)) log.GitLogger.Trace("GetRepositoryByOwnerAndName: %s", reqURL) resp, err := newInternalRequest(reqURL, "GET").Response() -- cgit v1.2.3