diff options
author | zeripath <art27@cantab.net> | 2021-12-16 18:40:18 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-16 18:40:18 +0100 |
commit | 6e7d28cf3aef9e91c435f841ec217bff5c750b87 (patch) | |
tree | 5889ba550874f0b6fd61674664809915152a0371 /integrations/nonascii_branches_test.go | |
parent | Add Reindex buttons to repository settings page (#17494) (diff) | |
download | forgejo-6e7d28cf3aef9e91c435f841ec217bff5c750b87.tar.xz forgejo-6e7d28cf3aef9e91c435f841ec217bff5c750b87.zip |
Prevent double decoding of % in url params (#17997)
There was an unfortunate regression in #14293 which has led to the double decoding
of url parameter elements if they contain a '%'. This is due to an issue
with the way chi decodes its RoutePath. In detail the problem lies in
mux.go where the routeHTTP path uses the URL.RawPath or even the
URL.Path instead of the escaped path to do routing.
This PR simply forcibly sets the routePath to that of the EscapedPath.
Fix #17938
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'integrations/nonascii_branches_test.go')
-rw-r--r-- | integrations/nonascii_branches_test.go | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/integrations/nonascii_branches_test.go b/integrations/nonascii_branches_test.go index cf6261dffe..71d0ee3cb1 100644 --- a/integrations/nonascii_branches_test.go +++ b/integrations/nonascii_branches_test.go @@ -6,6 +6,7 @@ package integrations import ( "net/http" + "net/url" "path" "testing" @@ -159,6 +160,41 @@ func TestNonasciiBranches(t *testing.T) { to: "tag/%D0%81/%E4%BA%BA", status: http.StatusOK, }, + { + from: "Plus+Is+Not+Space/%25%252525mightnotplaywell", + to: "branch/Plus+Is+Not+Space/%25%252525mightnotplaywell", + status: http.StatusOK, + }, + { + from: "Plus+Is+Not+Space/%25253Fisnotaquestion%25253F", + to: "branch/Plus+Is+Not+Space/%25253Fisnotaquestion%25253F", + status: http.StatusOK, + }, + { + from: "Plus+Is+Not+Space/" + url.PathEscape("%3Fis?and#afile"), + to: "branch/Plus+Is+Not+Space/" + url.PathEscape("%3Fis?and#afile"), + status: http.StatusOK, + }, + { + from: "Plus+Is+Not+Space/10%25.md", + to: "branch/Plus+Is+Not+Space/10%25.md", + status: http.StatusOK, + }, + { + from: "Plus+Is+Not+Space/" + url.PathEscape("This+file%20has 1space"), + to: "branch/Plus+Is+Not+Space/" + url.PathEscape("This+file%20has 1space"), + status: http.StatusOK, + }, + { + from: "Plus+Is+Not+Space/" + url.PathEscape("This+file%2520has 2 spaces"), + to: "branch/Plus+Is+Not+Space/" + url.PathEscape("This+file%2520has 2 spaces"), + status: http.StatusOK, + }, + { + from: "Plus+Is+Not+Space/" + url.PathEscape("£15&$6.txt"), + to: "branch/Plus+Is+Not+Space/" + url.PathEscape("£15&$6.txt"), + status: http.StatusOK, + }, } defer prepareTestEnv(t)() |