From e8da63c24ef9b950999364a86c3a01de6f460e4c Mon Sep 17 00:00:00 2001
From: wxiaoguang
Date: Fri, 1 Sep 2023 21:15:00 +0800
Subject: [PATCH] Avoid double-unescaping of form value (#26853) (#26863)

Backport #26853

The old `prepareQueryArg` did double-unescaping of form value.
---
 modules/context/utils.go | 25 ++++---------------------
 tests/integration/api_issue_test.go | 2 +-
 tests/integration/issue_test.go | 2 +-
 3 files changed, 6 insertions(+), 23 deletions(-)

diff --git a/modules/context/utils.go b/modules/context/utils.go
index c0f619aa23..293750fee1 100644
--- a/modules/context/utils.go
+++ b/modules/context/utils.go
@@ -4,29 +4,18 @@
 package context
 
 import (
- "net/url"
 "strings"
 "time"
 )
 
 // GetQueryBeforeSince return parsed time (unix format) from URL query's before and since
 func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
- qCreatedBefore, err := prepareQueryArg(ctx, "before")
+ before, err = parseFormTime(ctx, "before")
 if err != nil {
 return 0, 0, err
 }
 
- qCreatedSince, err := prepareQueryArg(ctx, "since")
- if err != nil {
- return 0, 0, err
- }
-
- before, err = parseTime(qCreatedBefore)
- if err != nil {
- return 0, 0, err
- }
-
- since, err = parseTime(qCreatedSince)
+ since, err = parseFormTime(ctx, "since")
 if err != nil {
 return 0, 0, err
 }
@@ -34,7 +23,8 @@ func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
 }
 
 // parseTime parse time and return unix timestamp
-func parseTime(value string) (int64, error) {
+func parseFormTime(ctx *Base, name string) (int64, error) {
+ value := strings.TrimSpace(ctx.FormString(name))
 if len(value) != 0 {
 t, err := time.Parse(time.RFC3339, value)
 if err != nil {
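Review bot: The doc comment above `parseFormTime` in the second hunk of modules/context/utils.go still reads `// parseTime parse time and return unix timestamp`, so it names a function that no longer exists and says nothing about where the value comes from. The commit message says the old helper unescaped the form value a second time, which implies `ctx.FormString` already returns a decoded value; recording that here would stop a later edit from reintroducing the second decode. Suggested wording: `// parseFormTime reads form value name (already decoded by FormString, so it must not be unescaped again), trims it and parses it as RFC 3339.` The function body continues outside this hunk, so what it returns on success and on a parse error is not visible here.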
@@ -46,10 +36,3 @@ func parseTime(value string) (int64, error) {
 }
 return 0, nil
 }
-
-// prepareQueryArg unescape and trim a query arg
-func prepareQueryArg(ctx *Base, name string) (value string, err error) {
- value, err = url.PathUnescape(ctx.FormString(name))
- value = strings.TrimSpace(value)
- return value, err
-}
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 8b02342d88..9af1133577 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -234,7 +234,7 @@ func TestAPISearchIssues(t *testing.T) {
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, expectedIssueCount)
 
- since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
+ since := "2000-01-01T00:50:01+00:00" // 946687801
 before := time.Unix(999307200, 0).Format(time.RFC3339)
 query.Add("since", since)
 query.Add("before", before)
diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index 7ea7fefb64..7cf2c5a899 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -368,7 +368,7 @@ func TestSearchIssues(t *testing.T) {
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, expectedIssueCount)
 
- since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
+ since := "2000-01-01T00:50:01+00:00" // 946687801
 before := time.Unix(999307200, 0).Format(time.RFC3339)
 query := url.Values{}
 query.Add("since", since)
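Review bot: The new `since` literal in TestAPISearchIssues (tests/integration/api_issue_test.go) covers only the well-formed case, and a plain RFC 3339 value would most likely still parse if a second unescape were reintroduced, so the test does not pin the fix. The same applies to the identical change in TestSearchIssues in tests/integration/issue_test.go. A regression case would pass a `since` value that is still percent-encoded after one round of decoding and assert that the request is rejected rather than parsed as a timestamp. The status code to expect is not visible in these hunks and depends on how the handlers report an error from `GetQueryBeforeSince`. Both test functions start and end outside their hunks.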