Browse Source
Instead of using routerCtx just escape the url before routing (#18086)
A consequence of forcibly setting the RoutePath to the escaped url is that the auto routing to endpoints without terminal slashes fails (Causing #18060.) This failure raises the possibility that forcibly setting the RoutePath causes other unexpected behaviors too. Therefore, instead we should simply pre-escape the URL in the process registering handler. Then the request URL will be properly escaped for all the following calls. Fix #17938 Fix #18060 Replace #18062 Replace #17997 Signed-off-by: Andrew Thornton <art27@cantab.net>tags/v1.16.0-rc1
zeripath
2 years ago
4 changed files with 4 additions and 18 deletions
+ 1
- 10
integrations/links_test.go
View File
| @@ -33,6 +33,7 @@ func TestLinksNoLogin(t *testing.T) { | |||
| "/user/forgot_password", | |||
| "/api/swagger", | |||
| "/user2/repo1", | |||
| "/user2/repo1/", | |||
| "/user2/repo1/projects", | |||
| "/user2/repo1/projects/1", | |||
| "/assets/img/404.png", | |||
| @@ -61,16 +62,6 @@ func TestRedirectsNoLogin(t *testing.T) { | |||
| resp := MakeRequest(t, req, http.StatusFound) | |||
| assert.EqualValues(t, path.Join(setting.AppSubURL, redirectLink), test.RedirectURL(resp)) | |||
| } | |||
| var temporaryRedirects = map[string]string{ | |||
| "/user2/repo1/": "/user2/repo1", | |||
| } | |||
| for link, redirectLink := range temporaryRedirects { | |||
| req := NewRequest(t, "GET", link) | |||
| resp := MakeRequest(t, req, http.StatusTemporaryRedirect) | |||
| assert.EqualValues(t, path.Join(setting.AppSubURL, redirectLink), test.RedirectURL(resp)) | |||
| } | |||
| } | |||
| func TestNoLoginNotExist(t *testing.T) { | |||
+ 0
- 3
modules/context/context.go
View File
| @@ -610,9 +610,6 @@ func Contexter() func(next http.Handler) http.Handler { | |||
| var startTime = time.Now() | |||
| var link = setting.AppSubURL + strings.TrimSuffix(req.URL.EscapedPath(), "/") | |||
| chiCtx := chi.RouteContext(req.Context()) | |||
| chiCtx.RoutePath = req.URL.EscapedPath() | |||
| var ctx = Context{ | |||
| Resp: NewResponse(resp), | |||
| Cache: mc.GetCache(), | |||
+ 3
- 0
routers/common/middleware.go
View File
| @@ -23,6 +23,9 @@ func Middlewares() []func(http.Handler) http.Handler { | |||
| var handlers = []func(http.Handler) http.Handler{ | |||
| func(next http.Handler) http.Handler { | |||
| return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { | |||
| // First of all escape the URL RawPath to ensure that all routing is done using a correctly escaped URL | |||
| req.URL.RawPath = req.URL.EscapedPath() | |||
| ctx, _, finished := process.GetManager().AddContext(req.Context(), fmt.Sprintf("%s: %s", req.Method, req.RequestURI)) | |||
| defer finished() | |||
| next.ServeHTTP(context.NewResponse(resp), req.WithContext(ctx)) | |||
+ 0
- 5
routers/web/web.go
View File
| @@ -1079,11 +1079,6 @@ func RegisterRoutes(m *web.Route) { | |||
| m.Get("/swagger.v1.json", SwaggerV1Json) | |||
| } | |||
| m.NotFound(func(w http.ResponseWriter, req *http.Request) { | |||
| escapedPath := req.URL.EscapedPath() | |||
| if len(escapedPath) > 1 && escapedPath[len(escapedPath)-1] == '/' { | |||
| http.Redirect(w, req, setting.AppSubURL+escapedPath[:len(escapedPath)-1], http.StatusTemporaryRedirect) | |||
| return | |||
| } | |||
| ctx := context.GetContext(req) | |||
| ctx.NotFound("", nil) | |||
| }) | |||
Loading…