tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-23 02:38:35 +00:00
Code Releases Activity

Clarify path param naming (#32969)

Browse Source 
In history (from some legacy frameworks), both `:name` and `name` are
supported as path path name, `:name` is an alias to `name`.

To make code consistent, now we should only use `name` but not `:name`.

Also added panic check in related functions to make sure the name won't
be abused in case some downstreams still use them.
This commit is contained in:
wxiaoguang
2024-12-24 21:47:45 +08:00
committed by GitHub
parent b8b690feb9
commit 2a828e2798
102 changed files with 461 additions and 429 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
routers/web/org/home.go
View File

@@ -28,14 +28,14 @@ const (
// Home show organization home page
func Home(ctx *context.Context) {
uname := ctx.PathParam(":username")
uname := ctx.PathParam("username")
if strings.HasSuffix(uname, ".keys") || strings.HasSuffix(uname, ".gpg") {
ctx.NotFound("", nil)
return
}
ctx.SetPathParam(":org", uname)
ctx.SetPathParam("org", uname)
context.HandleOrgAssignment(ctx)
if ctx.Written() {
return

6
routers/web/org/members.go
View File

@@ -90,7 +90,7 @@ func MembersAction(ctx *context.Context) {
org := ctx.Org.Organization
switch ctx.PathParam(":action") {
switch ctx.PathParam("action") {
case "private":
if ctx.Doer.ID != member.ID && !ctx.Org.IsOwner {
ctx.Error(http.StatusNotFound)
@@ -131,7 +131,7 @@ func MembersAction(ctx *context.Context) {
}
if err != nil {
log.Error("Action(%s): %v", ctx.PathParam(":action"), err)
log.Error("Action(%s): %v", ctx.PathParam("action"), err)
ctx.JSON(http.StatusOK, map[string]any{
"ok": false,
"err": err.Error(),
@@ -140,7 +140,7 @@ func MembersAction(ctx *context.Context) {
}
redirect := ctx.Org.OrgLink + "/members"
if ctx.PathParam(":action") == "leave" {
if ctx.PathParam("action") == "leave" {
redirect = setting.AppSubURL + "/"
}

32
routers/web/org/projects.go
View File

@@ -196,7 +196,7 @@ func NewProjectPost(ctx *context.Context) {
// ChangeProjectStatus updates the status of a project between "open" and "close"
func ChangeProjectStatus(ctx *context.Context) {
var toClose bool
switch ctx.PathParam(":action") {
switch ctx.PathParam("action") {
case "open":
toClose = false
case "close":
@@ -205,7 +205,7 @@ func ChangeProjectStatus(ctx *context.Context) {
ctx.JSONRedirect(ctx.ContextUser.HomeLink() + "/-/projects")
return
}
id := ctx.PathParamInt64(":id")
id := ctx.PathParamInt64("id")
if err := project_model.ChangeProjectStatusByRepoIDAndID(ctx, 0, id, toClose); err != nil {
ctx.NotFoundOrServerError("ChangeProjectStatusByRepoIDAndID", project_model.IsErrProjectNotExist, err)
@@ -216,7 +216,7 @@ func ChangeProjectStatus(ctx *context.Context) {
// DeleteProject delete a project
func DeleteProject(ctx *context.Context) {
p, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64(":id"))
p, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
if err != nil {
ctx.NotFoundOrServerError("GetProjectByID", project_model.IsErrProjectNotExist, err)
return
@@ -245,7 +245,7 @@ func RenderEditProject(ctx *context.Context) {
shared_user.RenderUserHeader(ctx)
p, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64(":id"))
p, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
if err != nil {
ctx.NotFoundOrServerError("GetProjectByID", project_model.IsErrProjectNotExist, err)
return
@@ -269,7 +269,7 @@ func RenderEditProject(ctx *context.Context) {
// EditProjectPost response for editing a project
func EditProjectPost(ctx *context.Context) {
form := web.GetForm(ctx).(*forms.CreateProjectForm)
projectID := ctx.PathParamInt64(":id")
projectID := ctx.PathParamInt64("id")
ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
ctx.Data["PageIsEditProjects"] = true
ctx.Data["PageIsViewProjects"] = true
@@ -318,7 +318,7 @@ func EditProjectPost(ctx *context.Context) {
// ViewProject renders the project with board view for a project
func ViewProject(ctx *context.Context) {
project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64(":id"))
project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
if err != nil {
ctx.NotFoundOrServerError("GetProjectByID", project_model.IsErrProjectNotExist, err)
return
@@ -447,18 +447,18 @@ func DeleteProjectColumn(ctx *context.Context) {
return
}
project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64(":id"))
project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
if err != nil {
ctx.NotFoundOrServerError("GetProjectByID", project_model.IsErrProjectNotExist, err)
return
}
pb, err := project_model.GetColumn(ctx, ctx.PathParamInt64(":columnID"))
pb, err := project_model.GetColumn(ctx, ctx.PathParamInt64("columnID"))
if err != nil {
ctx.ServerError("GetProjectColumn", err)
return
}
if pb.ProjectID != ctx.PathParamInt64(":id") {
if pb.ProjectID != ctx.PathParamInt64("id") {
ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
"message": fmt.Sprintf("ProjectColumn[%d] is not in Project[%d] as expected", pb.ID, project.ID),
})
@@ -472,7 +472,7 @@ func DeleteProjectColumn(ctx *context.Context) {
return
}
if err := project_model.DeleteColumnByID(ctx, ctx.PathParamInt64(":columnID")); err != nil {
if err := project_model.DeleteColumnByID(ctx, ctx.PathParamInt64("columnID")); err != nil {
ctx.ServerError("DeleteProjectColumnByID", err)
return
}
@@ -484,7 +484,7 @@ func DeleteProjectColumn(ctx *context.Context) {
func AddColumnToProjectPost(ctx *context.Context) {
form := web.GetForm(ctx).(*forms.EditProjectColumnForm)
project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64(":id"))
project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
if err != nil {
ctx.NotFoundOrServerError("GetProjectByID", project_model.IsErrProjectNotExist, err)
return
@@ -512,18 +512,18 @@ func CheckProjectColumnChangePermissions(ctx *context.Context) (*project_model.P
return nil, nil
}
project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64(":id"))
project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
if err != nil {
ctx.NotFoundOrServerError("GetProjectByID", project_model.IsErrProjectNotExist, err)
return nil, nil
}
column, err := project_model.GetColumn(ctx, ctx.PathParamInt64(":columnID"))
column, err := project_model.GetColumn(ctx, ctx.PathParamInt64("columnID"))
if err != nil {
ctx.ServerError("GetProjectColumn", err)
return nil, nil
}
if column.ProjectID != ctx.PathParamInt64(":id") {
if column.ProjectID != ctx.PathParamInt64("id") {
ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
"message": fmt.Sprintf("ProjectColumn[%d] is not in Project[%d] as expected", column.ID, project.ID),
})
@@ -587,7 +587,7 @@ func MoveIssues(ctx *context.Context) {
return
}
project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64(":id"))
project, err := project_model.GetProjectByID(ctx, ctx.PathParamInt64("id"))
if err != nil {
ctx.NotFoundOrServerError("GetProjectByID", project_model.IsErrProjectNotExist, err)
return
@@ -597,7 +597,7 @@ func MoveIssues(ctx *context.Context) {
return
}
column, err := project_model.GetColumn(ctx, ctx.PathParamInt64(":columnID"))
column, err := project_model.GetColumn(ctx, ctx.PathParamInt64("columnID"))
if err != nil {
ctx.NotFoundOrServerError("GetProjectColumn", project_model.IsErrProjectColumnNotExist, err)
return

4
routers/web/org/projects_test.go
View File

@@ -18,8 +18,8 @@ func TestCheckProjectColumnChangePermissions(t *testing.T) {
ctx, _ := contexttest.MockContext(t, "user2/-/projects/4/4")
contexttest.LoadUser(t, ctx, 2)
ctx.ContextUser = ctx.Doer // user2
ctx.SetPathParam(":id", "4")
ctx.SetPathParam(":columnID", "4")
ctx.SetPathParam("id", "4")
ctx.SetPathParam("columnID", "4")
project, column := org.CheckProjectColumnChangePermissions(ctx)
assert.NotNil(t, project)

14
routers/web/org/teams.go
View File

@@ -71,7 +71,7 @@ func Teams(ctx *context.Context) {
func TeamsAction(ctx *context.Context) {
page := ctx.FormString("page")
var err error
switch ctx.PathParam(":action") {
switch ctx.PathParam("action") {
case "join":
if !ctx.Org.IsOwner {
ctx.Error(http.StatusNotFound)
@@ -84,7 +84,7 @@ func TeamsAction(ctx *context.Context) {
if org_model.IsErrLastOrgOwner(err) {
ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
} else {
log.Error("Action(%s): %v", ctx.PathParam(":action"), err)
log.Error("Action(%s): %v", ctx.PathParam("action"), err)
ctx.JSON(http.StatusOK, map[string]any{
"ok": false,
"err": err.Error(),
@@ -111,7 +111,7 @@ func TeamsAction(ctx *context.Context) {
if org_model.IsErrLastOrgOwner(err) {
ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
} else {
log.Error("Action(%s): %v", ctx.PathParam(":action"), err)
log.Error("Action(%s): %v", ctx.PathParam("action"), err)
ctx.JSON(http.StatusOK, map[string]any{
"ok": false,
"err": err.Error(),
@@ -178,7 +178,7 @@ func TeamsAction(ctx *context.Context) {
}
if err := org_model.RemoveInviteByID(ctx, iid, ctx.Org.Team.ID); err != nil {
log.Error("Action(%s): %v", ctx.PathParam(":action"), err)
log.Error("Action(%s): %v", ctx.PathParam("action"), err)
ctx.ServerError("RemoveInviteByID", err)
return
}
@@ -192,7 +192,7 @@ func TeamsAction(ctx *context.Context) {
} else if errors.Is(err, user_model.ErrBlockedUser) {
ctx.Flash.Error(ctx.Tr("org.teams.members.blocked_user"))
} else {
log.Error("Action(%s): %v", ctx.PathParam(":action"), err)
log.Error("Action(%s): %v", ctx.PathParam("action"), err)
ctx.JSON(http.StatusOK, map[string]any{
"ok": false,
"err": err.Error(),
@@ -233,7 +233,7 @@ func TeamsRepoAction(ctx *context.Context) {
}
var err error
action := ctx.PathParam(":action")
action := ctx.PathParam("action")
switch action {
case "add":
repoName := path.Base(ctx.FormString("repo_name"))
@@ -258,7 +258,7 @@ func TeamsRepoAction(ctx *context.Context) {
}
if err != nil {
log.Error("Action(%s): '%s' %v", ctx.PathParam(":action"), ctx.Org.Team.Name, err)
log.Error("Action(%s): '%s' %v", ctx.PathParam("action"), ctx.Org.Team.Name, err)
ctx.ServerError("TeamsRepoAction", err)
return
}