Fix some issues with special chars in branch names #3767

Merged
merged 14 commits into from
Sep 16, 2018
Changes from 6 commits
6 changes: 4 additions & 2 deletions modules/context/repo.go
Expand Up @@ -8,6 +8,7 @@ package context
import (
"fmt"
"io/ioutil"
"net/url"
"path"
"strings"

Expand Down Expand Up @@ -618,10 +619,11 @@ func RepoRefByType(refType RepoRefType) macaron.Handler {

if refType == RepoRefLegacy {
// redirect from old URL scheme to new URL scheme
unescaped, _ := url.PathUnescape(ctx.Req.URL.String())
ctx.Redirect(path.Join(
setting.AppSubURL,
strings.TrimSuffix(ctx.Req.URL.String(), ctx.Params("*")),
ctx.Repo.BranchNameSubURL(),
strings.TrimSuffix(unescaped, ctx.Params("*")),
(&url.URL{Path: ctx.Repo.BranchNameSubURL()}).String(),
Member

Can't we just use url.PathEscape here instead? Just a thought. Didn't try it myself.

Contributor Author

When I tried that the last time, I got back into the endless loop that I was trying to fix in the first place. I have no idea what exactly the difference is.

Contributor Author

I looked into that again:
String(): branch/s%3Cscript%3Ealert%28%27XSS%27%29;%3C/script%3Es
PathEscape(): branch%2Fs%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3Es

PathEscape also escapes slashes, which makes sense but is not wanted here because BranchNameSubURL already contains the branch/ prefix.
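To make the difference in the output above concrete, here is an added Go example (not code from the PR or from Gitea) that escapes the branch name quoted in this thread both ways, and also shows what the discarded url.PathUnescape error in the hunk means for the redirect target. The helper names branchPathSubURL, singleSegmentEscape and legacyRedirectTarget and their signatures are assumptions for illustration, and the sample URL values are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// branchPathSubURL builds "branch/<name>" as the PR does: url.URL.String() percent-
// encodes path-unsafe bytes (< > ' ( ) # ? space) but keeps "/" and ";", so a branch
// name containing "/" keeps its structure. Hypothetical helper, not Gitea's own.
func branchPathSubURL(branch string) string {
	return (&url.URL{Path: "branch/" + branch}).String()
}

// singleSegmentEscape is the url.PathEscape variant suggested in review: it treats
// the input as one segment, so "/" becomes %2F and the "branch/" prefix is mangled.
func singleSegmentEscape(branch string) string {
	return url.PathEscape("branch/" + branch)
}

// legacyRedirectTarget mirrors the redirect in the hunk but keeps the error the hunk
// discards with "_": on a malformed escape such as "%zz" url.PathUnescape returns ""
// and the trimmed prefix would silently collapse. The tree path is escaped here too.
func legacyRedirectTarget(appSubURL, rawURL, wildcard, branch, treePath string) (string, error) {
	unescaped, err := url.PathUnescape(rawURL)
	if err != nil {
		return "", fmt.Errorf("legacy ref redirect: %w", err)
	}
	return path.Join(
		appSubURL,
		strings.TrimSuffix(unescaped, wildcard),
		branchPathSubURL(branch),
		(&url.URL{Path: treePath}).String(),
	), nil
}

func main() {
	// Constructed sample: the branch name quoted in the review thread.
	name := "s<script>alert('XSS');</script>s"
	fmt.Println(branchPathSubURL(name))    // branch/s%3Cscript%3Ealert%28%27XSS%27%29;%3C/script%3Es
	fmt.Println(singleSegmentEscape(name)) // branch%2Fs%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3Es
	target, err := legacyRedirectTarget("", "/owner/repo/src/feature%2Fx/README.md",
		"feature/x/README.md", "feature/x", "README.md")
	fmt.Println(target, err) // /owner/repo/src/branch/feature/x/README.md <nil>
	_, err = legacyRedirectTarget("", "/owner/repo/src/bad%zz", "bad%zz", "bad", "")
	fmt.Println("malformed escape rejected:", err != nil) // true
}
```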

ctx.Repo.TreePath))
return
}
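Review bot: the error from url.PathUnescape is dropped on the new line "unescaped, _ := url.PathUnescape(ctx.Req.URL.String())"; if the request path contains a malformed escape (a "%" not followed by two hex digits), PathUnescape returns an empty string, strings.TrimSuffix(unescaped, ctx.Params("*")) then yields "", and the redirect silently collapses to AppSubURL plus the branch sub-URL. Check the error and answer with a 404 (or 400) instead of redirecting. Separately, the branch part is now re-escaped through (&url.URL{Path: ctx.Repo.BranchNameSubURL()}).String(), but ctx.Repo.TreePath on the hunk's last line is still joined raw, so a file path containing "#", "?" or "%" in the same legacy URL still produces a broken redirect target; wrap it the same way.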
2 changes: 1 addition & 1 deletion templates/repo/activity.tmpl
Expand Up @@ -92,7 +92,7 @@
<div class="ui green label">{{$.i18n.Tr "repo.activity.published_release_label"}}</div>
{{.TagName}}
{{if not .IsTag}}
<a class="title has-emoji" href="{{$.Repository.HTMLURL}}/src/{{.TagName}}">{{.Title}}</a>
<a class="title has-emoji" href="{{$.Repository.HTMLURL}}/src/{{.TagName | EscapePound}}">{{.Title}}</a>
{{end}}
{{TimeSinceUnix .CreatedUnix $.Lang}}
</p>
4 changes: 2 additions & 2 deletions templates/repo/branch/list.tmpl
Expand Up @@ -38,10 +38,10 @@
<tr>
<td>
{{if .IsDeleted}}
<s><a href="{{$.RepoLink}}/src/branch/{{.Name}}">{{.Name}}</a></s>
<s><a href="{{$.RepoLink}}/src/branch/{{.Name | EscapePound}}">{{.Name}}</a></s>
<p class="time">{{$.i18n.Tr "repo.branch.deleted_by" .DeletedBranch.DeletedBy.Name}} {{TimeSinceUnix .DeletedBranch.DeletedUnix $.i18n.Lang}}</p>
{{else}}
<a href="{{$.RepoLink}}/src/branch/{{.Name}}">{{.Name}}</a>
<a href="{{$.RepoLink}}/src/branch/{{.Name | EscapePound}}">{{.Name}}</a>
<p class="time">{{$.i18n.Tr "org.repo_updated"}} {{TimeSince .Commit.Committer.When $.i18n.Lang}}</p>
</td>
{{end}}
4 changes: 2 additions & 2 deletions templates/repo/commits_table.tmpl
Expand Up @@ -5,7 +5,7 @@
</div>
<div class="ten wide right aligned column">
{{if .PageIsCommits}}
<form class="ignore-dirty" action="{{.RepoLink}}/commits/{{.BranchNameSubURL}}/search">
<form class="ignore-dirty" action="{{.RepoLink}}/commits/{{.BranchNameSubURL | EscapePound}}/search">
<div class="ui tiny search input">
<input name="q" placeholder="{{.i18n.Tr "repo.commits.search"}}" value="{{.Keyword}}" autofocus>
</div>
Expand Down Expand Up @@ -79,4 +79,4 @@
</div>
{{end}}

{{template "base/paginate" .}}
{{template "base/paginate" .}}
4 changes: 2 additions & 2 deletions templates/repo/editor/edit.tmpl
Expand Up @@ -30,8 +30,8 @@
<div class="ui top attached tabular menu" data-write="write" data-preview="preview" data-diff="diff">
<a class="active item" data-tab="write"><i class="octicon octicon-code"></i> {{if .IsNewFile}}{{.i18n.Tr "repo.editor.new_file"}}{{else}}{{.i18n.Tr "repo.editor.edit_file"}}{{end}}</a>
{{if not .IsNewFile}}
<a class="item" data-tab="preview" data-url="{{AppSubUrl}}/api/v1/markdown" data-context="{{.RepoLink}}/src/{{.BranchNameSubURL}}" data-preview-file-modes="{{.PreviewableFileModes}}"><i class="octicon octicon-eye"></i> {{.i18n.Tr "repo.release.preview"}}</a>
<a class="item" data-tab="diff" data-url="{{.RepoLink}}/_preview/{{.BranchName}}/{{.TreePath}}" data-context="{{.BranchLink}}"><i class="octicon octicon-diff"></i> {{.i18n.Tr "repo.editor.preview_changes"}}</a>
<a class="item" data-tab="preview" data-url="{{AppSubUrl}}/api/v1/markdown" data-context="{{.RepoLink}}/src/{{.BranchNameSubURL | EscapePound}}" data-preview-file-modes="{{.PreviewableFileModes}}"><i class="octicon octicon-eye"></i> {{.i18n.Tr "repo.release.preview"}}</a>
<a class="item" data-tab="diff" data-url="{{.RepoLink}}/_preview/{{.BranchName | EscapePound}}/{{.TreePath | EscapePound}}" data-context="{{.BranchLink}}"><i class="octicon octicon-diff"></i> {{.i18n.Tr "repo.editor.preview_changes"}}</a>
{{end}}
</div>
<div class="ui bottom attached active tab segment" data-tab="write">
2 changes: 1 addition & 1 deletion templates/repo/header.tmpl
Expand Up @@ -48,7 +48,7 @@
<div class="ui tabs container">
<div class="ui tabular stackable menu navbar">
{{if .Repository.UnitEnabled $.UnitTypeCode}}
<a class="{{if .PageIsViewCode}}active{{end}} item" href="{{.RepoLink}}{{if (ne .BranchName .Repository.DefaultBranch)}}/src/{{.BranchNameSubURL}}{{end}}">
<a class="{{if .PageIsViewCode}}active{{end}} item" href="{{.RepoLink}}{{if (ne .BranchName .Repository.DefaultBranch)}}/src/{{.BranchNameSubURL | EscapePound}}{{end}}">
<i class="octicon octicon-code"></i> {{.i18n.Tr "repo.code"}}
</a>
{{end}}
2 changes: 1 addition & 1 deletion templates/repo/home.tmpl
Expand Up @@ -48,7 +48,7 @@
<div class="ui stackable secondary menu mobile--margin-between-items mobile--no-negative-margins">
{{if and .PullRequestCtx.Allowed .IsViewBranch}}
<div class="fitted item">
<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch}}...{{.Repository.Owner.Name}}:{{.BranchName}}">
<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch | EscapePound}}...{{.Repository.Owner.Name}}:{{.BranchName | EscapePound}}">
<button class="ui green tiny compact button"><i class="octicon octicon-git-compare"></i></button>
</a>
</div>
2 changes: 1 addition & 1 deletion templates/repo/issue/view.tmpl
Expand Up @@ -10,7 +10,7 @@
{{if .PageIsIssueList}}
<a class="ui green button" href="{{.RepoLink}}/issues/new">{{.i18n.Tr "repo.issues.new"}}</a>
{{else}}
<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName}}...{{.PullRequestCtx.HeadInfo}}">{{.i18n.Tr "repo.pulls.new"}}</a>
<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName | EscapePound}}...{{.PullRequestCtx.HeadInfo | EscapePound}}">{{.i18n.Tr "repo.pulls.new"}}</a>
{{end}}
</div>
</div>
2 changes: 1 addition & 1 deletion templates/repo/pulls/commits.tmpl
Expand Up @@ -5,7 +5,7 @@
<div class="navbar">
{{template "repo/issue/navbar" .}}
<div class="ui right">
<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName}}...{{.PullRequestCtx.HeadInfo}}">{{.i18n.Tr "repo.pulls.new"}}</a>
<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName | EscapePound}}...{{.PullRequestCtx.HeadInfo | EscapePound}}">{{.i18n.Tr "repo.pulls.new"}}</a>
</div>
</div>
<div class="ui divider"></div>
2 changes: 1 addition & 1 deletion templates/repo/pulls/files.tmpl
Expand Up @@ -5,7 +5,7 @@
<div class="navbar">
{{template "repo/issue/navbar" .}}
<div class="ui right">
<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName}}...{{.PullRequestCtx.HeadInfo}}">{{.i18n.Tr "repo.pulls.new"}}</a>
<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName | EscapePound}}...{{.PullRequestCtx.HeadInfo | EscapePound}}">{{.i18n.Tr "repo.pulls.new"}}</a>
</div>
</div>
<div class="ui divider"></div>
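Review bot: this anchor, href="{{.RepoLink}}/compare/{{.BranchName | EscapePound}}...{{.PullRequestCtx.HeadInfo | EscapePound}}", is now byte-for-byte identical in repo/issue/view.tmpl, repo/pulls/commits.tmpl and repo/pulls/files.tmpl; factoring it into a shared template would keep the escaping in one place, so the next branch-name fix does not have to be applied three times.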
16 changes: 8 additions & 8 deletions templates/repo/release/list.tmpl
Expand Up @@ -28,7 +28,7 @@
<span class="ui green label">{{$.i18n.Tr "repo.release.stable"}}</span>
{{end}}
<span class="tag text blue">
<a href="{{$.RepoLink}}/src/tag/{{.TagName}}" rel="nofollow"><i class="tag icon"></i> {{.TagName}}</a>
<a href="{{$.RepoLink}}/src/tag/{{.TagName | EscapePound}}" rel="nofollow"><i class="tag icon"></i> {{.TagName}}</a>
</span>
<span class="commit">
<a href="{{$.RepoLink}}/src/commit/{{.Sha1}}" rel="nofollow"><i class="code icon"></i> {{ShortSha .Sha1}}</a>
Expand All @@ -38,19 +38,19 @@
<div class="ui twelve wide column detail">
{{if .IsTag}}
<h4>
<a href="{{$.RepoLink}}/src/tag/{{.TagName}}" rel="nofollow"><i class="tag icon"></i> {{.TagName}}</a>
<a href="{{$.RepoLink}}/src/tag/{{.TagName | EscapePound}}" rel="nofollow"><i class="tag icon"></i> {{.TagName}}</a>
</h4>
<div class="download">
{{if $.Repository.UnitEnabled $.UnitTypeCode}}
<a href="{{$.RepoLink}}/src/commit/{{.Sha1}}" rel="nofollow"><i class="code icon"></i> {{ShortSha .Sha1}}</a>
<a href="{{$.RepoLink}}/archive/{{.TagName}}.zip" rel="nofollow"><i class="octicon octicon-file-zip"></i> ZIP</a>
<a href="{{$.RepoLink}}/archive/{{.TagName}}.tar.gz"><i class="octicon octicon-file-zip"></i> TAR.GZ</a>
<a href="{{$.RepoLink}}/archive/{{.TagName | EscapePound}}.zip" rel="nofollow"><i class="octicon octicon-file-zip"></i> ZIP</a>
<a href="{{$.RepoLink}}/archive/{{.TagName | EscapePound}}.tar.gz"><i class="octicon octicon-file-zip"></i> TAR.GZ</a>
{{end}}
</div>
{{else}}
<h3>
<a href="{{$.RepoLink}}/src/tag/{{.TagName}}">{{.Title}}</a>
{{if $.IsRepositoryWriter}}<small>(<a href="{{$.RepoLink}}/releases/edit/{{.TagName}}" rel="nofollow">{{$.i18n.Tr "repo.release.edit"}}</a>)</small>{{end}}
<a href="{{$.RepoLink}}/src/tag/{{.TagName | EscapePound}}">{{.Title}}</a>
{{if $.IsRepositoryWriter}}<small>(<a href="{{$.RepoLink}}/releases/edit/{{.TagName | EscapePound}}" rel="nofollow">{{$.i18n.Tr "repo.release.edit"}}</a>)</small>{{end}}
</h3>
<p class="text grey">
<span class="author">
Expand All @@ -68,10 +68,10 @@
<ul class="list">
{{if $.Repository.UnitEnabled $.UnitTypeCode}}
<li>
<a href="{{$.RepoLink}}/archive/{{.TagName}}.zip" rel="nofollow"><strong><i class="octicon octicon-file-zip"></i> {{$.i18n.Tr "repo.release.source_code"}} (ZIP)</strong></a>
<a href="{{$.RepoLink}}/archive/{{.TagName | EscapePound}}.zip" rel="nofollow"><strong><i class="octicon octicon-file-zip"></i> {{$.i18n.Tr "repo.release.source_code"}} (ZIP)</strong></a>
</li>
<li>
<a href="{{$.RepoLink}}/archive/{{.TagName}}.tar.gz"><strong><i class="octicon octicon-file-zip"></i> {{$.i18n.Tr "repo.release.source_code"}} (TAR.GZ)</strong></a>
<a href="{{$.RepoLink}}/archive/{{.TagName | EscapePound}}.tar.gz"><strong><i class="octicon octicon-file-zip"></i> {{$.i18n.Tr "repo.release.source_code"}} (TAR.GZ)</strong></a>
</li>
{{end}}
{{if .Attachments}}
4 changes: 2 additions & 2 deletions templates/repo/settings/branches.tmpl
Expand Up @@ -48,7 +48,7 @@
<div class="default text">{{.i18n.Tr "repo.settings.choose_branch"}}</div>
<div class="menu transition hidden" tabindex="-1" style="display: block !important;">
{{range .LeftBranches}}
<a class="item" href="{{$.Repository.Link}}/settings/branches/{{.}}">{{.}}</a>
<a class="item" href="{{$.Repository.Link}}/settings/branches/{{. | EscapePound}}">{{.}}</a>
{{end}}
</div>
</div>
Expand All @@ -62,7 +62,7 @@
{{range .ProtectedBranches}}
<tr>
<td><div class="ui basic label blue">{{.BranchName}}</div></td>
<td class="right aligned"><a class="rm ui button" href="{{$.Repository.Link}}/settings/branches/{{.BranchName}}">Edit</a></td>
<td class="right aligned"><a class="rm ui button" href="{{$.Repository.Link}}/settings/branches/{{.BranchName | EscapePound}}">Edit</a></td>
</tr>
{{else}}
<tr class="center aligned"><td>{{.i18n.Tr "repo.settings.no_protected_branch"}}</td></tr>
7 changes: 4 additions & 3 deletions templates/user/dashboard/feeds.tmpl
Expand Up @@ -13,8 +13,8 @@
{{else if eq .GetOpType 2}}
{{$.i18n.Tr "action.rename_repo" .GetContent .GetRepoLink .ShortRepoPath | Str2html}}
{{else if eq .GetOpType 5}}
{{ $branchLink := .GetBranch | EscapePound}}
{{$.i18n.Tr "action.commit_repo" .GetRepoLink $branchLink .GetBranch .ShortRepoPath | Str2html}}
{{ $branchLink := (printf "branch/%s" .GetBranch) | EscapePound | Escape}}
Member

I think this should go into the translation file that already holds a part of the url.

Contributor Author

Is it really a good idea to put even more code there that is redundant across all translations? If so, am I supposed to edit the en-US file so that all translations have to be adapted via crowdin?

Member @daviian, Jun 21, 2018

I just don't like that one part is in the locale file and another one in code. It should be either/or, not both.
Yes, just commit the en-US file with the changes and crowdin will spread the word that there are new changes that need translations.

Contributor Author

OK, moved it to the translations file. Maybe it would be a good idea to pass the entire links as parameters: pushed to %s at %s. But I think this is something for another PR.

{{$.i18n.Tr "action.commit_repo" .GetRepoLink $branchLink (Escape .GetBranch) .ShortRepoPath | Str2html}}
Member

Why not use $branchLink twice instead of (Escape .GetBranch)?

Contributor Author

I think I chose to do that because EscapePound does URL escaping, and in general you would not want the branch names to be displayed like that (unless you want to punish users for using chars like ?# and whitespace in their branch names :)

Member

Makes sense.

{{else if eq .GetOpType 6}}
{{ $index := index .GetIssueInfos 0}}
{{$.i18n.Tr "action.create_issue" .GetRepoLink $index .ShortRepoPath | Str2html}}
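Review bot: since Str2html marks the translated action.commit_repo string as safe HTML, every argument spliced into it must already be escaped; the branch now is (EscapePound | Escape for the link, (Escape .GetBranch) for the visible name), but .GetRepoLink and .ShortRepoPath on the same line are still passed unescaped, which is only safe if owner and repository names are restricted to a harmless character set, and that assumption deserves a comment here. Building "branch/%s" in the template while the remainder of the link lives in the locale string also splits one URL across code and translation, as the thread above points out.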
Expand All @@ -24,7 +24,8 @@
{{else if eq .GetOpType 8}}
{{$.i18n.Tr "action.transfer_repo" .GetContent .GetRepoLink .ShortRepoPath | Str2html}}
{{else if eq .GetOpType 9}}
{{$.i18n.Tr "action.push_tag" .GetRepoLink .GetBranch .ShortRepoPath | Str2html}}
{{ $branchLink := .GetBranch | EscapePound | Escape}}
Member @daviian, Jun 16, 2018

Comment from above also applies here.

{{$.i18n.Tr "action.push_tag" .GetRepoLink $branchLink .ShortRepoPath | Str2html}}
{{else if eq .GetOpType 10}}
{{ $index := index .GetIssueInfos 0}}
{{$.i18n.Tr "action.comment_issue" .GetRepoLink $index .ShortRepoPath | Str2html}}
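Review bot: only one escaped value, $branchLink (EscapePound | Escape), is passed for the tag in action.push_tag, whereas the commit_repo hunk above passes (Escape .GetBranch) separately for the visible name. If the push_tag locale string reuses that placeholder for the displayed tag, names containing "#", "?" or spaces will be shown URL-escaped (e.g. "%23"), the very behaviour the author argued against in the thread above; pass a plain HTML-escaped copy for display as the commit_repo line does.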