1
0
Fork 0
forgejo/services
sillyguodong 51ab495198
escape filename when assemble URL (#22850)
Fixes: #22843 

### Cause:

affdd40296/services/repository/files/content.go (L161)

Previously, we did not escape the **"%"** that might be in "treePath"
when call "url.parse()".


![image](https://user-images.githubusercontent.com/33891828/218066318-5a909e50-2a17-46e6-b32f-684b2aa4b91f.png)

This function will check whether "%" is the beginning of an escape
character. Obviously, the "%" in the example (hello%mother.txt) is not
that. So, the function will return a error.

### Solution:
We can escape "treePath" by call "url.PathEscape()" function firstly.

### Screenshot:

![image](https://user-images.githubusercontent.com/33891828/218069781-1a030f8b-18d0-4804-b0f8-73997849ef43.png)

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2023-02-12 09:31:14 +08:00
..
actions Fix improper HTMLURL usages in Go code (#22839) 2023-02-11 14:34:11 +08:00
agit Rename almost all Ctx functions (#22071) 2022-12-10 10:46:31 +08:00
asymkey Supports wildcard protected branch (#20825) 2023-01-16 16:00:22 +08:00
attachment Add API management for issue/pull and comment attachments (#21783) 2022-12-09 14:35:56 +08:00
auth Map OIDC groups to Orgs/Teams (#21441) 2023-02-08 14:44:42 +08:00
automerge Improve trace logging for pulls and processes (#22633) 2023-02-03 18:11:48 -05:00
context Support org/user level projects (#22235) 2023-01-20 19:42:33 +08:00
convert Fix pull request API field closed_at always being null (#22482) 2023-01-17 11:42:32 +00:00
cron Add Cargo package registry (#21888) 2023-02-05 18:12:31 +08:00
externalaccount
forms Preview images for Issue cards in Project Board view (#22112) 2023-02-11 16:12:41 +08:00
gitdiff Refactor git command package to improve security and maintainability (#22678) 2023-02-04 10:30:43 +08:00
issue Webhooks: for issue close/reopen action, add commit ID that caused it (#22583) 2023-01-24 23:47:53 -05:00
lfs Use context parameter in models/git (#22367) 2023-01-09 11:50:54 +08:00
mailer fix permission check for creating comment while mail (#22524) 2023-01-28 17:28:55 +08:00
markup
migrations Prevent duplicate labels when importing more than 99 (#22591) 2023-01-24 19:44:55 +00:00
mirror Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
org
packages Use import of OCI structs (#22765) 2023-02-06 10:07:09 +00:00
pull Fix update by rebase being wrongly disabled by protected base branch (#22825) 2023-02-09 12:08:42 -05:00
release Add API management for issue/pull and comment attachments (#21783) 2022-12-09 14:35:56 +08:00
repository escape filename when assemble URL (#22850) 2023-02-12 09:31:14 +08:00
task
user Unify hashing for avatar (#22289) 2023-01-02 22:46:39 +01:00
webhook Webhooks: for issue close/reopen action, add commit ID that caused it (#22583) 2023-01-24 23:47:53 -05:00
wiki Improve utils of slices (#22379) 2023-01-11 13:31:16 +08:00