meissa
/
forgejo
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
forgejo-federated-star
forgejo
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c8093a13ff'
${ noResults }
forgejo/services
History
sillyguodong 51ab495198
escape filename when assemble URL (#22850) 
Fixes: #22843 

### Cause:

affdd40296/services/repository/files/content.go (L161)

Previously, we did not escape the **"%"** that might be in "treePath"
when call "url.parse()".


![image](https://user-images.githubusercontent.com/33891828/218066318-5a909e50-2a17-46e6-b32f-684b2aa4b91f.png)

This function will check whether "%" is the beginning of an escape
character. Obviously, the "%" in the example (hello%mother.txt) is not
that. So, the function will return a error.

### Solution:
We can escape "treePath" by call "url.PathEscape()" function firstly.

### Screenshot:

![image](https://user-images.githubusercontent.com/33891828/218069781-1a030f8b-18d0-4804-b0f8-73997849ef43.png)

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
 		1 year ago
..
actions Fix improper HTMLURL usages in Go code (#22839) 1 year ago
agit Rename almost all Ctx functions (#22071) 2 years ago
asymkey Supports wildcard protected branch (#20825) 1 year ago
attachment Add API management for issue/pull and comment attachments (#21783) 2 years ago
auth Map OIDC groups to Orgs/Teams (#21441) 1 year ago
automerge Improve trace logging for pulls and processes (#22633) 1 year ago
context Support org/user level projects (#22235) 1 year ago
convert Fix pull request API field `closed_at` always being `null` (#22482) 1 year ago
cron Add Cargo package registry (#21888) 1 year ago
externalaccount Implement FSFE REUSE for golang files (#21840) 2 years ago
forms Preview images for Issue cards in Project Board view (#22112) 1 year ago
gitdiff Refactor git command package to improve security and maintainability (#22678) 1 year ago
issue Webhooks: for issue close/reopen action, add commit ID that caused it (#22583) 1 year ago
lfs Use context parameter in models/git (#22367) 1 year ago
mailer fix permission check for creating comment while mail (#22524) 1 year ago
markup Implement FSFE REUSE for golang files (#21840) 2 years ago
migrations Prevent duplicate labels when importing more than 99 (#22591) 1 year ago
mirror Use proxy for pull mirror (#22771) 1 year ago
org Implement FSFE REUSE for golang files (#21840) 2 years ago
packages Use import of OCI structs (#22765) 1 year ago
pull Fix update by rebase being wrongly disabled by protected base branch (#22825) 1 year ago
release Add API management for issue/pull and comment attachments (#21783) 2 years ago
repository escape filename when assemble URL (#22850) 1 year ago
task Implement FSFE REUSE for golang files (#21840) 2 years ago
user Unify hashing for avatar (#22289) 2 years ago
webhook Webhooks: for issue close/reopen action, add commit ID that caused it (#22583) 1 year ago
wiki Improve utils of slices (#22379) 1 year ago