forked from gitea/gitea
1
0
Fork 0
gitea/services
Yarden Shoham 43d1183f67
escape filename when assemble URL (#22850) (#22871)
Backport #22850

Fixes: #22843 

### Cause:

affdd40296/services/repository/files/content.go (L161)

Previously, we did not escape the **"%"** that might be in "treePath"
when call "url.parse()".


![image](https://user-images.githubusercontent.com/33891828/218066318-5a909e50-2a17-46e6-b32f-684b2aa4b91f.png)

This function will check whether "%" is the beginning of an escape
character. Obviously, the "%" in the example (hello%mother.txt) is not
that. So, the function will return a error.

### Solution:
We can escape "treePath" by call "url.PathEscape()" function firstly.

### Screenshot:

![image](https://user-images.githubusercontent.com/33891828/218069781-1a030f8b-18d0-4804-b0f8-73997849ef43.png)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2023-02-12 09:39:52 +00:00
..
agit Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
asymkey Refactor AssertExistsAndLoadBean to use generics (#20797) 2022-08-16 10:22:25 +08:00
attachment Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
auth refactor auth interface to return error when verify failure (#22119) (#22259) 2022-12-29 13:50:09 +08:00
automerge Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
comments Move issues related files into models/issues (#19931) 2022-06-13 17:37:59 +08:00
context Move almost all functions' parameter db.Engine to context.Context (#19748) 2022-05-20 22:08:52 +08:00
cron Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
externalaccount Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
forms Revert unrelated changes for SMTP auth (#21767) (#21768) 2022-11-10 16:11:56 -05:00
gitdiff Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
issue Fix issue not auto-closing when it includes a reference to a branch (#22514) (#22521) 2023-01-19 11:17:44 -06:00
lfs Prevent Authorization header for presigned LFS urls (#21531) 2022-10-22 21:36:44 +08:00
mailer Prevent multiple `To` recipients (#22566) (#22569) 2023-01-22 11:37:26 -06:00
markup Link mentioned user in markdown only if they are visible to viewer (#21554) 2022-10-23 17:13:52 +08:00
migrations Prevent duplicate labels when importing more than 99 (#22591) (#22598) 2023-01-24 14:48:21 -06:00
mirror Use proxy for pull mirror (#22771) (#22772) 2023-02-11 16:11:54 +08:00
org Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
packages refactor auth interface to return error when verify failure (#22119) (#22259) 2022-12-29 13:50:09 +08:00
pull Load issue before accessing index in merge message (#22822) (#22830) 2023-02-09 16:53:14 -05:00
release Revert "Do not send notifications for draft releases (#21451)" (#21594) 2022-10-26 00:00:00 +02:00
repository escape filename when assemble URL (#22850) (#22871) 2023-02-12 09:39:52 +00:00
task Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
user Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
webhook Fix wechatwork webhook sends empty content in PR review (#21762) (#22440) 2023-01-14 11:37:18 +08:00
wiki Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00