Skip to content

Instead of using routerCtx just escape the url before routing (#18086) #18098

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
zeripath merged 3 commits into from
Dec 26, 2021
Merged

Instead of using routerCtx just escape the url before routing (#18086) #18098

zeripath merged 3 commits into from
Dec 26, 2021

Conversation

@zeripath
Copy link
Contributor

@zeripath zeripath commented Dec 25, 2021

Backport #18086

A consequence of forcibly setting the RoutePath to the escaped url is that the
auto routing to endpoints without terminal slashes fails (Causing #18060.) This
failure raises the possibility that forcibly setting the RoutePath causes other
unexpected behaviors too.

Therefore, instead we should simply pre-escape the URL in the process registering
handler. Then the request URL will be properly escaped for all the following calls.

Fix #17938
Fix #18060
Replace #18062
Replace #17997

Signed-off-by: Andrew Thornton [email protected]

@zeripath
Instead of using routerCtx just escape the url before routing (go-git…
fb00cd6 
…ea#18086)

Backport go-gitea#18086

A consequence of forcibly setting the RoutePath to the escaped url is that the
auto routing to endpoints without terminal slashes fails (Causing go-gitea#18060.) This
failure raises the possibility that forcibly setting the RoutePath causes other
unexpected behaviors too.

Therefore, instead we should simply pre-escape the URL in the process registering
handler. Then the request URL will be properly escaped for all the following calls.

Fix go-gitea#17938
Fix go-gitea#18060
Replace go-gitea#18062
Replace go-gitea#17997

Signed-off-by: Andrew Thornton <[email protected]>
@zeripath zeripath added this to the 1.15.9 milestone Dec 25, 2021
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Dec 25, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Dec 26, 2021
@zeripath
Copy link
Contributor Author

zeripath commented Dec 26, 2021

make lgtm work

@zeripath zeripath merged commit 71e1ebf into go-gitea:release/v1.15 Dec 26, 2021
@zeripath zeripath deleted the backport-18086-v1.15 branch December 26, 2021 10:32
@richmahn
Copy link
Contributor

richmahn commented Dec 28, 2021
edited
Loading

Great work @zeripath. My actual users discovered this bug yesterday in 1.15.8 and wondered why it was happening. I was like "Just don't type the slash"! They wanted me to dig into fixing it more. haha.

zeripath added a commit to zeripath/gitea that referenced this pull request Dec 28, 2021
@zeripath
Changelog v1.15.9
6da724b 
* BUGFIXES
  * Revert "Fix delete u2f keys bug (go-gitea#18042)" (go-gitea#18107)
  * Migrating wiki don't require token, so we should move it out of the require form (go-gitea#17645) (go-gitea#18104)
  * Prevent NPE if gitea uploader fails to open url (go-gitea#18080) (go-gitea#18101)
  * Reset locale on login (go-gitea#17734) (go-gitea#18100)
  * Correctly handle failed migrations (go-gitea#17575) (go-gitea#18099)
  * Instead of using routerCtx just escape the url before routing (go-gitea#18086) (go-gitea#18098)
  * Quote references to the user table in consistency checks (go-gitea#18072) (go-gitea#18073)
  * Add NotFound handler (go-gitea#18062) (go-gitea#18067)
  * Ensure that git repository is closed before transfer (go-gitea#18049) (go-gitea#18057)
  * Use common sessioner for API and web routes (go-gitea#18114)
* TRANSLATION
  * Fix code search result hint on zh-CN (go-gitea#18053)

Signed-off-by: Andrew Thornton <[email protected]>
@zeripath zeripath mentioned this pull request Dec 28, 2021
Merged
lunny added a commit that referenced this pull request Dec 30, 2021
@zeripath @lunny
Changelog v1.15.9 (#18115)
3db98be 
* BUGFIXES
  * Revert "Fix delete u2f keys bug (#18042)" (#18107)
  * Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
  * Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
  * Reset locale on login (#17734) (#18100)
  * Correctly handle failed migrations (#17575) (#18099)
  * Instead of using routerCtx just escape the url before routing (#18086) (#18098)
  * Quote references to the user table in consistency checks (#18072) (#18073)
  * Add NotFound handler (#18062) (#18067)
  * Ensure that git repository is closed before transfer (#18049) (#18057)
  * Use common sessioner for API and web routes (#18114)
* TRANSLATION
  * Fix code search result hint on zh-CN (#18053)

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: Lunny Xiao <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lunny lunny lunny approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees

No one assigned

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug

Projects

None yet

Milestone

1.15.9

Development

Successfully merging this pull request may close these issues.

5 participants

@zeripath @richmahn @lunny @wxiaoguang @GiteaBot