Avoid double-unescaping of form value (#26853)
1. The old `prepareQueryArg` double-unescaped the form value. 2. Also remove the unnecessary `ctx.Flash = ...` in `MockContext`. Co-authored-by: Giteabot <teabot@gitea.io>
parent
e8aae43f56
commit
f01bed2443
|
@ -4,29 +4,18 @@
|
||||||
package context
|
package context
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"net/url"
|
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
// GetQueryBeforeSince return parsed time (unix format) from URL query's before and since
|
// GetQueryBeforeSince return parsed time (unix format) from URL query's before and since
|
||||||
func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
|
func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
|
||||||
qCreatedBefore, err := prepareQueryArg(ctx, "before")
|
before, err = parseFormTime(ctx, "before")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, 0, err
|
return 0, 0, err
|
||||||
}
|
}
|
||||||
|
|
||||||
qCreatedSince, err := prepareQueryArg(ctx, "since")
|
since, err = parseFormTime(ctx, "since")
|
||||||
if err != nil {
|
|
||||||
return 0, 0, err
|
|
||||||
}
|
|
||||||
|
|
||||||
before, err = parseTime(qCreatedBefore)
|
|
||||||
if err != nil {
|
|
||||||
return 0, 0, err
|
|
||||||
}
|
|
||||||
|
|
||||||
since, err = parseTime(qCreatedSince)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, 0, err
|
return 0, 0, err
|
||||||
}
|
}
|
||||||
|
@ -34,7 +23,8 @@ func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// parseTime parse time and return unix timestamp
|
// parseTime parse time and return unix timestamp
|
||||||
func parseTime(value string) (int64, error) {
|
func parseFormTime(ctx *Base, name string) (int64, error) {
|
||||||
|
value := strings.TrimSpace(ctx.FormString(name))
|
||||||
if len(value) != 0 {
|
if len(value) != 0 {
|
||||||
t, err := time.Parse(time.RFC3339, value)
|
t, err := time.Parse(time.RFC3339, value)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -46,10 +36,3 @@ func parseTime(value string) (int64, error) {
|
||||||
}
|
}
|
||||||
return 0, nil
|
return 0, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// prepareQueryArg unescape and trim a query arg
|
|
||||||
func prepareQueryArg(ctx *Base, name string) (value string, err error) {
|
|
||||||
value, err = url.PathUnescape(ctx.FormString(name))
|
|
||||||
value = strings.TrimSpace(value)
|
|
||||||
return value, err
|
|
||||||
}
|
|
||||||
|
|
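Review bot: The doc comment above `parseFormTime` in the second hunk still names the old function (`// parseTime parse time and return unix timestamp`) and does not say where the value comes from. Going by the commit description, the form value is already URL-decoded when `ctx.FormString` returns it, and that is the invariant a later edit could break by adding another unescape. I would replace the comment with `// parseFormTime reads the named form value (already URL-decoded), trims it and parses it as RFC3339 into a Unix timestamp; it must not be unescaped again.` The function body continues outside the hunk.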
|
@ -50,7 +50,6 @@ func MockContext(t *testing.T, reqPath string) (*context.Context, *httptest.Resp
|
||||||
base.Locale = &translation.MockLocale{}
|
base.Locale = &translation.MockLocale{}
|
||||||
|
|
||||||
ctx := context.NewWebContext(base, &MockRender{}, nil)
|
ctx := context.NewWebContext(base, &MockRender{}, nil)
|
||||||
ctx.Flash = &middleware.Flash{Values: url.Values{}}
|
|
||||||
|
|
||||||
chiCtx := chi.NewRouteContext()
|
chiCtx := chi.NewRouteContext()
|
||||||
ctx.Base.AppendContextValue(chi.RouteCtxKey, chiCtx)
|
ctx.Base.AppendContextValue(chi.RouteCtxKey, chiCtx)
|
||||||
|
|
|
@ -234,7 +234,7 @@ func TestAPISearchIssues(t *testing.T) {
|
||||||
DecodeJSON(t, resp, &apiIssues)
|
DecodeJSON(t, resp, &apiIssues)
|
||||||
assert.Len(t, apiIssues, expectedIssueCount)
|
assert.Len(t, apiIssues, expectedIssueCount)
|
||||||
|
|
||||||
since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
|
since := "2000-01-01T00:50:01+00:00" // 946687801
|
||||||
before := time.Unix(999307200, 0).Format(time.RFC3339)
|
before := time.Unix(999307200, 0).Format(time.RFC3339)
|
||||||
query.Add("since", since)
|
query.Add("since", since)
|
||||||
query.Add("before", before)
|
query.Add("before", before)
|
||||||
|
|
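Review bot: With the literal on the `since :=` line now unencoded, nothing in this test exercises the case the commit is about, a value that is still percent-encoded after the single decode. Consider adding a negative case that passes the old literal `2000-01-01T00%3A50%3A01%2B00%3A00` to `query.Add("since", ...)` and asserts that the request is rejected, so that a reintroduced second unescape would fail the test. The exact status to assert depends on how the handler reports the parse error, which is not visible here. The same applies to the matching change in `TestSearchIssues`; both test functions continue outside their hunks.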
|
@ -368,7 +368,7 @@ func TestSearchIssues(t *testing.T) {
|
||||||
DecodeJSON(t, resp, &apiIssues)
|
DecodeJSON(t, resp, &apiIssues)
|
||||||
assert.Len(t, apiIssues, expectedIssueCount)
|
assert.Len(t, apiIssues, expectedIssueCount)
|
||||||
|
|
||||||
since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
|
since := "2000-01-01T00:50:01+00:00" // 946687801
|
||||||
before := time.Unix(999307200, 0).Format(time.RFC3339)
|
before := time.Unix(999307200, 0).Format(time.RFC3339)
|
||||||
query := url.Values{}
|
query := url.Values{}
|
||||||
query.Add("since", since)
|
query.Add("since", since)
|
||||||
|
|