Clean up various use of escape/unescape functions for URL generation (#6334)

* Use PathUnescape instead of QueryUnescape when working with branch names Currently branch names with a '+' fail in certain situations because QueryUnescape replaces the + character with a blank space. Using PathUnescape should be better since it is defined as: // PathUnescape is identical to QueryUnescape except that it does not // unescape '+' to ' ' (space). Fixes #6333 * Change error to match new function name * Add new util function PathEscapeSegments This function simply runs PathEscape on each segment of a path without touching the forward slash itself. We want to use this instead of PathEscape/QueryEscape in most cases because a forward slash is a valid name for a branch etc... and we don't want that escaped in a URL. Putting this in new file url.go and also moving a couple similar functions into that file as well. * Use EscapePathSegments where appropriate Replace various uses of EscapePath/EscapeQuery with new EscapePathSegments. Also remove uncessary uses of various escape/unescape functions when the text had already been escaped or was not escaped. * Reformat comment to make drone build happy * Remove no longer used url library * Requested code changes
2025-07-03 09:07:19 +00:00 · 2019-03-18 10:00:23 -04:00
parent c151682fae
commit ca46385637
12 changed files with 80 additions and 68 deletions
--- a/routers/home.go
+++ b/routers/home.go
@ -7,7 +7,6 @@ package routers

 import (
 	"bytes"
-	"net/url"
 	"strings"

 	"code.gitea.io/gitea/models"
@ -48,7 +47,7 @@ func Home(ctx *context.Context) {
 		} else if ctx.User.MustChangePassword {
 			ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
 			ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
-			ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
+			ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL)
 			ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
 		} else {
 			user.Dashboard(ctx)
--- a/routers/private/repository.go
+++ b/routers/private/repository.go
@ -6,7 +6,6 @@ package private

 import (
 	"net/http"
-	"net/url"

 	"code.gitea.io/gitea/models"

@ -56,18 +55,18 @@ func GetRepository(ctx *macaron.Context) {
 func GetActivePullRequest(ctx *macaron.Context) {
 	baseRepoID := ctx.QueryInt64("baseRepoID")
 	headRepoID := ctx.QueryInt64("headRepoID")
-	baseBranch, err := url.QueryUnescape(ctx.QueryTrim("baseBranch"))
-	if err != nil {
+	baseBranch := ctx.QueryTrim("baseBranch")
+	if len(baseBranch) == 0 {
 		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
-			"err": err.Error(),
+			"err": "QueryTrim failed",
 		})
 		return
 	}

-	headBranch, err := url.QueryUnescape(ctx.QueryTrim("headBranch"))
-	if err != nil {
+	headBranch := ctx.QueryTrim("headBranch")
+	if len(headBranch) == 0 {
 		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
-			"err": err.Error(),
+			"err": "QueryTrim failed",
 		})
 		return
 	}
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@ -10,7 +10,6 @@ import (
 	"container/list"
 	"fmt"
 	"io"
-	"net/url"
 	"path"
 	"strings"

@ -633,10 +632,7 @@ func ParseCompareInfo(ctx *context.Context) (*models.User, *models.Repository, *
 		infoPath   string
 		err        error
 	)
-	infoPath, err = url.QueryUnescape(ctx.Params("*"))
-	if err != nil {
-		ctx.NotFound("QueryUnescape", err)
-	}
+	infoPath = ctx.Params("*")
 	infos := strings.Split(infoPath, "...")
 	if len(infos) != 2 {
 		log.Trace("ParseCompareInfo[%d]: not enough compared branches information %s", baseRepo.ID, infos)