1
1
mirror of https://github.com/go-gitea/gitea synced 2025-01-05 15:34:25 +00:00

Fix improper HTMLURL usages in Go code (#22839)

In Go code, HTMLURL should be only used for external systems, like
API/webhook/mail/notification, etc.

If a URL is used by `Redirect` or rendered in a template, it should be a
relative URL (aka `Link()` in Gitea)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
wxiaoguang 2023-02-11 14:34:11 +08:00 committed by GitHub
parent 1cb8d14bf7
commit e9288c2477
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 33 additions and 33 deletions

View File

@ -274,7 +274,7 @@ func (repo *Repository) CommitLink(commitID string) (result string) {
if commitID == "" || commitID == "0000000000000000000000000000000000000000" { if commitID == "" || commitID == "0000000000000000000000000000000000000000" {
result = "" result = ""
} else { } else {
result = repo.HTMLURL() + "/commit/" + url.PathEscape(commitID) result = repo.Link() + "/commit/" + url.PathEscape(commitID)
} }
return result return result
} }

View File

@ -743,9 +743,9 @@ func RepoAssignment(ctx *Context) (cancel context.CancelFunc) {
if ctx.FormString("go-get") == "1" { if ctx.FormString("go-get") == "1" {
ctx.Data["GoGetImport"] = ComposeGoGetImport(owner.Name, repo.Name) ctx.Data["GoGetImport"] = ComposeGoGetImport(owner.Name, repo.Name)
prefix := repo.HTMLURL() + "/src/branch/" + util.PathEscapeSegments(ctx.Repo.BranchName) fullURLPrefix := repo.HTMLURL() + "/src/branch/" + util.PathEscapeSegments(ctx.Repo.BranchName)
ctx.Data["GoDocDirectory"] = prefix + "{/dir}" ctx.Data["GoDocDirectory"] = fullURLPrefix + "{/dir}"
ctx.Data["GoDocFile"] = prefix + "{/dir}/{file}#L{line}" ctx.Data["GoDocFile"] = fullURLPrefix + "{/dir}/{file}#L{line}"
} }
return cancel return cancel
} }

View File

@ -70,7 +70,7 @@ func List(ctx *context.Context) {
} }
ctx.Data["workflows"] = workflows ctx.Data["workflows"] = workflows
ctx.Data["RepoLink"] = ctx.Repo.Repository.HTMLURL() ctx.Data["RepoLink"] = ctx.Repo.Repository.Link()
page := ctx.FormInt("page") page := ctx.FormInt("page")
if page <= 0 { if page <= 0 {

View File

@ -100,7 +100,7 @@ func MustAllowUserComment(ctx *context.Context) {
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin { if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked")) ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked"))
ctx.Redirect(issue.HTMLURL()) ctx.Redirect(issue.Link())
return return
} }
} }
@ -927,7 +927,7 @@ func NewIssueChooseTemplate(ctx *context.Context) {
if len(issueTemplates) == 0 { if len(issueTemplates) == 0 {
// The "issues/new" and "issues/new/choose" share the same query parameters "project" and "milestone", if no template here, just redirect to the "issues/new" page with these parameters. // The "issues/new" and "issues/new/choose" share the same query parameters "project" and "milestone", if no template here, just redirect to the "issues/new" page with these parameters.
ctx.Redirect(fmt.Sprintf("%s/issues/new?%s", ctx.Repo.Repository.HTMLURL(), ctx.Req.URL.RawQuery), http.StatusSeeOther) ctx.Redirect(fmt.Sprintf("%s/issues/new?%s", ctx.Repo.Repository.Link(), ctx.Req.URL.RawQuery), http.StatusSeeOther)
return return
} }
@ -950,11 +950,11 @@ func DeleteIssue(ctx *context.Context) {
} }
if issue.IsPull { if issue.IsPull {
ctx.Redirect(fmt.Sprintf("%s/pulls", ctx.Repo.Repository.HTMLURL()), http.StatusSeeOther) ctx.Redirect(fmt.Sprintf("%s/pulls", ctx.Repo.Repository.Link()), http.StatusSeeOther)
return return
} }
ctx.Redirect(fmt.Sprintf("%s/issues", ctx.Repo.Repository.HTMLURL()), http.StatusSeeOther) ctx.Redirect(fmt.Sprintf("%s/issues", ctx.Repo.Repository.Link()), http.StatusSeeOther)
} }
// ValidateRepoMetas check and returns repository's meta information // ValidateRepoMetas check and returns repository's meta information
@ -1425,7 +1425,7 @@ func ViewIssue(ctx *context.Context) {
return return
} }
// Add link to the issue of the already running stopwatch // Add link to the issue of the already running stopwatch
ctx.Data["OtherStopwatchURL"] = otherIssue.HTMLURL() ctx.Data["OtherStopwatchURL"] = otherIssue.Link()
} }
} }
ctx.Data["CanUseTimetracker"] = ctx.Repo.CanUseTimetracker(issue, ctx.Doer) ctx.Data["CanUseTimetracker"] = ctx.Repo.CanUseTimetracker(issue, ctx.Doer)
@ -2658,7 +2658,7 @@ func NewComment(ctx *context.Context) {
if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin { if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked")) ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked"))
ctx.Redirect(issue.HTMLURL()) ctx.Redirect(issue.Link())
return return
} }
@ -2669,7 +2669,7 @@ func NewComment(ctx *context.Context) {
if ctx.HasError() { if ctx.HasError() {
ctx.Flash.Error(ctx.Data["ErrorMsg"].(string)) ctx.Flash.Error(ctx.Data["ErrorMsg"].(string))
ctx.Redirect(issue.HTMLURL()) ctx.Redirect(issue.Link())
return return
} }

View File

@ -34,7 +34,7 @@ func AddDependency(ctx *context.Context) {
} }
// Redirect // Redirect
defer ctx.Redirect(issue.HTMLURL()) defer ctx.Redirect(issue.Link())
// Dependency // Dependency
dep, err := issues_model.GetIssueByID(ctx, depID) dep, err := issues_model.GetIssueByID(ctx, depID)
@ -124,5 +124,5 @@ func RemoveDependency(ctx *context.Context) {
} }
// Redirect // Redirect
ctx.Redirect(issue.HTMLURL()) ctx.Redirect(issue.Link())
} }

View File

@ -21,13 +21,13 @@ func LockIssue(ctx *context.Context) {
if issue.IsLocked { if issue.IsLocked {
ctx.Flash.Error(ctx.Tr("repo.issues.lock_duplicate")) ctx.Flash.Error(ctx.Tr("repo.issues.lock_duplicate"))
ctx.Redirect(issue.HTMLURL()) ctx.Redirect(issue.Link())
return return
} }
if !form.HasValidReason() { if !form.HasValidReason() {
ctx.Flash.Error(ctx.Tr("repo.issues.lock.unknown_reason")) ctx.Flash.Error(ctx.Tr("repo.issues.lock.unknown_reason"))
ctx.Redirect(issue.HTMLURL()) ctx.Redirect(issue.Link())
return return
} }
@ -40,7 +40,7 @@ func LockIssue(ctx *context.Context) {
return return
} }
ctx.Redirect(issue.HTMLURL()) ctx.Redirect(issue.Link())
} }
// UnlockIssue unlocks a previously locked issue. // UnlockIssue unlocks a previously locked issue.
@ -52,7 +52,7 @@ func UnlockIssue(ctx *context.Context) {
if !issue.IsLocked { if !issue.IsLocked {
ctx.Flash.Error(ctx.Tr("repo.issues.unlock_error")) ctx.Flash.Error(ctx.Tr("repo.issues.unlock_error"))
ctx.Redirect(issue.HTMLURL()) ctx.Redirect(issue.Link())
return return
} }
@ -64,5 +64,5 @@ func UnlockIssue(ctx *context.Context) {
return return
} }
ctx.Redirect(issue.HTMLURL()) ctx.Redirect(issue.Link())
} }

View File

@ -40,7 +40,7 @@ func IssueStopwatch(c *context.Context) {
c.Flash.Success(c.Tr("repo.issues.tracker_auto_close")) c.Flash.Success(c.Tr("repo.issues.tracker_auto_close"))
} }
url := issue.HTMLURL() url := issue.Link()
c.Redirect(url, http.StatusSeeOther) c.Redirect(url, http.StatusSeeOther)
} }
@ -72,7 +72,7 @@ func CancelStopwatch(c *context.Context) {
}) })
} }
url := issue.HTMLURL() url := issue.Link()
c.Redirect(url, http.StatusSeeOther) c.Redirect(url, http.StatusSeeOther)
} }

View File

@ -26,7 +26,7 @@ func AddTimeManually(c *context.Context) {
c.NotFound("CanUseTimetracker", nil) c.NotFound("CanUseTimetracker", nil)
return return
} }
url := issue.HTMLURL() url := issue.Link()
if c.HasError() { if c.HasError() {
c.Flash.Error(c.GetErrMsg()) c.Flash.Error(c.GetErrMsg())
@ -83,5 +83,5 @@ func DeleteTime(c *context.Context) {
} }
c.Flash.Success(c.Tr("repo.issues.del_time_history", util.SecToTime(t.Time))) c.Flash.Success(c.Tr("repo.issues.del_time_history", util.SecToTime(t.Time)))
c.Redirect(issue.HTMLURL()) c.Redirect(issue.Link())
} }

View File

@ -52,5 +52,5 @@ func IssueWatch(ctx *context.Context) {
return return
} }
ctx.Redirect(issue.HTMLURL()) ctx.Redirect(issue.Link())
} }

View File

@ -98,7 +98,7 @@ func CreateCodeComment(ctx *context.Context) {
renderConversation(ctx, comment) renderConversation(ctx, comment)
return return
} }
ctx.Redirect(comment.HTMLURL()) ctx.Redirect(comment.Link())
} }
// UpdateResolveConversation add or remove an Conversation resolved mark // UpdateResolveConversation add or remove an Conversation resolved mark

View File

@ -295,7 +295,7 @@ func LatestRelease(ctx *context.Context) {
return return
} }
ctx.Redirect(release.HTMLURL()) ctx.Redirect(release.Link())
} }
// NewRelease render creating or edit release page // NewRelease render creating or edit release page

View File

@ -344,7 +344,7 @@ func acceptOrRejectRepoTransfer(ctx *context.Context, accept bool) error {
ctx.Flash.Success(ctx.Tr("repo.settings.transfer.rejected")) ctx.Flash.Success(ctx.Tr("repo.settings.transfer.rejected"))
} }
ctx.Redirect(ctx.Repo.Repository.HTMLURL()) ctx.Redirect(ctx.Repo.Repository.Link())
return nil return nil
} }

View File

@ -54,7 +54,7 @@ func Search(ctx *context.Context) {
ctx.Data["CodeIndexerUnavailable"] = !code_indexer.IsAvailable() ctx.Data["CodeIndexerUnavailable"] = !code_indexer.IsAvailable()
} }
ctx.Data["SourcePath"] = ctx.Repo.Repository.HTMLURL() ctx.Data["SourcePath"] = ctx.Repo.Repository.Link()
ctx.Data["SearchResults"] = searchResults ctx.Data["SearchResults"] = searchResults
ctx.Data["SearchResultLanguages"] = searchResultLanguages ctx.Data["SearchResultLanguages"] = searchResultLanguages

View File

@ -318,7 +318,7 @@ func renderReadmeFile(ctx *context.Context, readmeFile *namedBlob, readmeTreelin
if fInfo.isLFSFile { if fInfo.isLFSFile {
filenameBase64 := base64.RawURLEncoding.EncodeToString([]byte(readmeFile.name)) filenameBase64 := base64.RawURLEncoding.EncodeToString([]byte(readmeFile.name))
ctx.Data["RawFileLink"] = fmt.Sprintf("%s.git/info/lfs/objects/%s/%s", ctx.Repo.Repository.HTMLURL(), url.PathEscape(fInfo.lfsMeta.Oid), url.PathEscape(filenameBase64)) ctx.Data["RawFileLink"] = fmt.Sprintf("%s.git/info/lfs/objects/%s/%s", ctx.Repo.Repository.Link(), url.PathEscape(fInfo.lfsMeta.Oid), url.PathEscape(filenameBase64))
} }
if !fInfo.isTextFile { if !fInfo.isTextFile {
@ -738,7 +738,7 @@ func Home(ctx *context.Context) {
} }
ctx.Data["EnableFeed"] = true ctx.Data["EnableFeed"] = true
ctx.Data["FeedURL"] = ctx.Repo.Repository.HTMLURL() ctx.Data["FeedURL"] = ctx.Repo.Repository.Link()
} }
checkHomeCodeViewable(ctx) checkHomeCodeViewable(ctx)

View File

@ -376,7 +376,7 @@ func PackageSettingsPost(ctx *context.Context) {
ctx.Flash.Success(ctx.Tr("packages.settings.delete.success")) ctx.Flash.Success(ctx.Tr("packages.settings.delete.success"))
} }
ctx.Redirect(ctx.Package.Owner.HTMLURL() + "/-/packages") ctx.Redirect(ctx.Package.Owner.HomeLink() + "/-/packages")
return return
} }
} }

View File

@ -47,7 +47,7 @@ func Profile(ctx *context.Context) {
} }
// advertise feed via meta tag // advertise feed via meta tag
ctx.Data["FeedURL"] = ctx.ContextUser.HTMLURL() ctx.Data["FeedURL"] = ctx.ContextUser.HomeLink()
// Show OpenID URIs // Show OpenID URIs
openIDs, err := user_model.GetUserOpenIDs(ctx.ContextUser.ID) openIDs, err := user_model.GetUserOpenIDs(ctx.ContextUser.ID)

View File

@ -59,7 +59,7 @@ func CreateCommitStatus(ctx context.Context, job *actions_model.ActionRunJob) er
Creator: creator, Creator: creator,
CommitStatus: &git_model.CommitStatus{ CommitStatus: &git_model.CommitStatus{
SHA: sha, SHA: sha,
TargetURL: run.HTMLURL(), TargetURL: run.Link(),
Description: "", Description: "",
Context: ctxname, Context: ctxname,
CreatorID: payload.Pusher.ID, CreatorID: payload.Pusher.ID,