forked from gitea/gitea
gitea/modules/lfs
Yarden Shoham 43d1183f67
escape filename when assemble URL (#22850) (#22871)
Backport #22850

Fixes: #22843 

### Cause:

affdd40296/services/repository/files/content.go (L161)

Previously, we did not escape the **"%"** that might be in "treePath"
when calling "url.parse()".


![image](https://user-images.githubusercontent.com/33891828/218066318-5a909e50-2a17-46e6-b32f-684b2aa4b91f.png)

This function will check whether "%" is the beginning of an escape
character. Obviously, the "%" in the example (hello%mother.txt) is not
that. So, the function will return an error.

### Solution:
We can escape "treePath" by calling the "url.PathEscape()" function first.

### Screenshot:

![image](https://user-images.githubusercontent.com/33891828/218069781-1a030f8b-18d0-4804-b0f8-73997849ef43.png)

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2023-02-12 09:39:52 +00:00
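
The failure and the fix described in the commit message above, as an added Go example that is not Gitea's own code. The helper names and the base URL are assumptions made for illustration, and the example goes one step beyond the message by escaping each path segment separately so that a tree path containing directories keeps its "/" separators.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// joinUnescaped reproduces the failure: treePath goes into url.Parse as-is.
func joinUnescaped(base, treePath string) (*url.URL, error) {
	return url.Parse(strings.TrimSuffix(base, "/") + "/" + treePath)
}

// joinEscaped (hypothetical helper) escapes each segment with url.PathEscape,
// so "%" becomes "%25" while the "/" separators between segments survive.
func joinEscaped(base, treePath string) (*url.URL, error) {
	segs := strings.Split(treePath, "/")
	for i, s := range segs {
		segs[i] = url.PathEscape(s)
	}
	return url.Parse(strings.TrimSuffix(base, "/") + "/" + strings.Join(segs, "/"))
}

// isEscapeError reports whether err wraps url.EscapeError, the error
// url.Parse returns for a "%" that is not followed by two hex digits.
func isEscapeError(err error) bool {
	var esc url.EscapeError
	return errors.As(err, &esc)
}

func main() {
	const base = "https://git.example.test/owner/repo/raw/branch/main" // constructed
	for _, p := range []string{"hello%mother.txt", "docs/100% done/hello%mother.txt"} {
		_, err := joinUnescaped(base, p)
		u, _ := joinEscaped(base, p)
		fmt.Printf("%q\n  unescaped: %v\n  escaped:   %s (Path=%q)\n", p, err, u, u.Path)
	}
}
```

A name such as `hello%abc.txt` does not raise an error when left unescaped, because `%ab` is a valid escape; it is decoded to a different byte instead, so escaping is needed even when parsing appears to succeed.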
..

| File | Last commit | Date |
| --- | --- | --- |
| LICENSE | Git LFS support v2 (#122) | 2016-12-26 09:16:37 +08:00 |
| client.go | Use `hostmatcher` to replace `matchlist`, improve security (#17605) | 2021-11-20 17:34:05 +08:00 |
| client_test.go | Use `hostmatcher` to replace `matchlist`, improve security (#17605) | 2021-11-20 17:34:05 +08:00 |
| content_store.go | Removed some vestigial code related to Range bounds checks (#20312) | 2022-07-28 11:04:36 +08:00 |
| endpoint.go | escape filename when assemble URL (#22850) (#22871) | 2023-02-12 09:39:52 +00:00 |
| endpoint_test.go | format with gofumpt (#18184) | 2022-01-20 18:46:10 +01:00 |
| filesystem_client.go | Add push to remote mirror repository (#15157) | 2021-06-14 19:20:43 +02:00 |
| http_client.go | Use `hostmatcher` to replace `matchlist`, improve security (#17605) | 2021-11-20 17:34:05 +08:00 |
| http_client_test.go | Update HTTP status codes to modern codes (#18063) | 2022-03-23 12:54:07 +08:00 |
| pointer.go | Improve SyncMirrors logging (#19045) | 2022-03-10 10:09:48 +00:00 |
| pointer_scanner_gogit.go | Remove legacy `+build:` constraint (#19582) | 2022-05-02 23:22:45 +08:00 |
| pointer_scanner_nogogit.go | Remove legacy `+build:` constraint (#19582) | 2022-05-02 23:22:45 +08:00 |
| pointer_test.go | Fixed assert statements. (#16089) | 2021-06-07 07:27:09 +02:00 |
| shared.go | Fix various documentation, user-facing, and source comment typos (#16367) | 2021-07-08 13:38:13 +02:00 |
| transferadapter.go | Fix source typos (#18227) | 2022-01-10 23:46:26 +08:00 |
| transferadapter_test.go | refactor: move from io/ioutil to io and os package (#17109) | 2021-09-22 13:38:34 +08:00 |