Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

raw: URL encode the links to raw view of files #1383

Merged
merged 1 commit into from
Oct 26, 2021

Conversation

flaix
Copy link
Member

@flaix flaix commented Oct 24, 2021

This still needs to be tested in a Tomcat. So far only checked with Gitblit GO.

So far links to raw view were not encoded. The browser did some encoding
of spaces on its own, which the servlet would unescape, since it uses
the `HttpServletRequest.getPathInfo` method. That decodes the path
before returning it.
A problem arises when a bracket is in the file (or folder) name. The
brackets are the characters that are not allowed in the path, according
to the `URI.parse` method. (Which is a bit harsh, because brackets
actually are only reserved for the host part since IPv6.) That means
that the decoding fails when a bracket character is encountered.
This went unnoticed since the failed decoding will return the path
as it got it. But once there is a space in the file name, which the
browser helpfully encoded for us, the failed decoding will now leave the
encoded space in there. And that will result in a path that does not
exist, e.g. `file%20[a]`.

To be on the safe side, we simply encode the path in the links that we
generate, so that it complies with the rules that are used in `getPathInfo`.

This fixes gitblit-org#1375.
@flaix
Copy link
Member Author

flaix commented Oct 26, 2021

Tested with Tomcat 9 that the raw links are accessible.

@flaix flaix merged commit 977e724 into gitblit-org:master Oct 26, 2021
@flaix flaix deleted the encode-raw-links branch October 26, 2021 17:52
@flaix flaix added this to the 1.9.2 milestone Nov 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
hacktoberfest-accepted Accepted Hacktoberfest contribution, will merge later.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant