Skip to content

Commit

Permalink
Avoid double-unescaping of form value (go-gitea#26853)
Browse files Browse the repository at this point in the history
1. The old `prepareQueryArg` did double-unescaping of form value.
2. By the way, remove the unnecessary `ctx.Flash = ...` in `MockContext`.
  • Loading branch information
wxiaoguang committed Sep 1, 2023
1 parent 93c36f3 commit 37e1039
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 23 deletions.
25 changes: 4 additions & 21 deletions modules/context/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,37 +4,27 @@
package context

import (
"net/url"
"strings"
"time"
)

// GetQueryBeforeSince return parsed time (unix format) from URL query's before and since
func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
qCreatedBefore, err := prepareQueryArg(ctx, "before")
before, err = parseFormTime(ctx, "before")
if err != nil {
return 0, 0, err
}

qCreatedSince, err := prepareQueryArg(ctx, "since")
if err != nil {
return 0, 0, err
}

before, err = parseTime(qCreatedBefore)
if err != nil {
return 0, 0, err
}

since, err = parseTime(qCreatedSince)
since, err = parseFormTime(ctx, "since")
if err != nil {
return 0, 0, err
}
return before, since, nil
}

// parseTime parse time and return unix timestamp
func parseTime(value string) (int64, error) {
func parseFormTime(ctx *Base, name string) (int64, error) {
value := strings.TrimSpace(ctx.FormString(name))
if len(value) != 0 {
t, err := time.Parse(time.RFC3339, value)
if err != nil {
Expand All @@ -46,10 +36,3 @@ func parseTime(value string) (int64, error) {
}
return 0, nil
}

// prepareQueryArg unescape and trim a query arg
func prepareQueryArg(ctx *Base, name string) (value string, err error) {
value, err = url.PathUnescape(ctx.FormString(name))
value = strings.TrimSpace(value)
return value, err
}
2 changes: 1 addition & 1 deletion tests/integration/api_issue_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -234,7 +234,7 @@ func TestAPISearchIssues(t *testing.T) {
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, expectedIssueCount)

since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
since := "2000-01-01T00:50:01+00:00" // 946687801
before := time.Unix(999307200, 0).Format(time.RFC3339)
query.Add("since", since)
query.Add("before", before)
Expand Down
2 changes: 1 addition & 1 deletion tests/integration/issue_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -368,7 +368,7 @@ func TestSearchIssues(t *testing.T) {
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, expectedIssueCount)

since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
since := "2000-01-01T00:50:01+00:00" // 946687801
before := time.Unix(999307200, 0).Format(time.RFC3339)
query := url.Values{}
query.Add("since", since)
Expand Down

0 comments on commit 37e1039

Please sign in to comment.