From f01bed2443c32b8017a8dc31ca0161bd76bf3251 Mon Sep 17 00:00:00 2001
From: wxiaoguang
Date: Fri, 1 Sep 2023 20:01:36 +0800
Subject: [PATCH] Avoid double-unescaping of form value (#26853)
1. The old `prepareQueryArg` did double-unescaping of form value.
2. By the way, remove the unnecessary `ctx.Flash = ...` in `MockContext`.
Co-authored-by: Giteabot
---
 modules/context/utils.go | 25 ++++---------------------
 modules/contexttest/context_tests.go | 1 -
 tests/integration/api_issue_test.go | 2 +-
 tests/integration/issue_test.go | 2 +-
 4 files changed, 6 insertions(+), 24 deletions(-)
diff --git a/modules/context/utils.go b/modules/context/utils.go
index c0f619aa2..293750fee 100644
--- a/modules/context/utils.go
+++ b/modules/context/utils.go
@@ -4,29 +4,18 @@
 package context
 import (
- "net/url"
 "strings"
 "time"
 )
 // GetQueryBeforeSince return parsed time (unix format) from URL query's before and since
 func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
- qCreatedBefore, err := prepareQueryArg(ctx, "before")
+ before, err = parseFormTime(ctx, "before")
 if err != nil {
 return 0, 0, err
 }
- qCreatedSince, err := prepareQueryArg(ctx, "since")
- if err != nil {
- return 0, 0, err
- }
-
- before, err = parseTime(qCreatedBefore)
- if err != nil {
- return 0, 0, err
- }
-
- since, err = parseTime(qCreatedSince)
+ since, err = parseFormTime(ctx, "since")
 if err != nil {
 return 0, 0, err
 }
@@ -34,7 +23,8 @@ func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
 }
 // parseTime parse time and return unix timestamp
-func parseTime(value string) (int64, error) {
+func parseFormTime(ctx *Base, name string) (int64, error) {
+ value := strings.TrimSpace(ctx.FormString(name))
 if len(value) != 0 {
 t, err := time.Parse(time.RFC3339, value)
 if err != nil {
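Review bot: The doc comment on `GetQueryBeforeSince` does not record the decode-once contract this change establishes, so a later edit could reintroduce a second unescape without anyone noticing. The new body hands the value from `ctx.FormString` straight to the RFC 3339 parser, and the comment should say so, e.g. `// GetQueryBeforeSince returns the "before" and "since" form values as Unix timestamps; values are used exactly as FormString returns them and must not be URL-unescaped again.` Clients that relied on the old behaviour by sending these parameters percent-encoded twice will presumably now receive a parse error, which deserves a line in the release notes. The function's final return lies outside this hunk.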
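Review bot: The comment above `parseFormTime` still reads `// parseTime parse time and return unix timestamp`, which names the removed function and does not mention that the value is now looked up from the request. Suggested replacement: `// parseFormTime reads the named form value, trims surrounding whitespace and parses it as RFC 3339, returning the Unix timestamp (0 when the value is empty).` The body runs past the end of this hunk; the empty-value `return 0, nil` is visible only in the following hunk.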
@@ -46,10 +36,3 @@ func parseTime(value string) (int64, error) {
 }
 return 0, nil
 }
-
-// prepareQueryArg unescape and trim a query arg
-func prepareQueryArg(ctx *Base, name string) (value string, err error) {
- value, err = url.PathUnescape(ctx.FormString(name))
- value = strings.TrimSpace(value)
- return value, err
-}
diff --git a/modules/contexttest/context_tests.go b/modules/contexttest/context_tests.go
index f8fb0859e..ea91bc500 100644
--- a/modules/contexttest/context_tests.go
+++ b/modules/contexttest/context_tests.go
@@ -50,7 +50,6 @@ func MockContext(t *testing.T, reqPath string) (*context.Context, *httptest.Resp
 base.Locale = &translation.MockLocale{}
 ctx := context.NewWebContext(base, &MockRender{}, nil)
- ctx.Flash = &middleware.Flash{Values: url.Values{}}
 chiCtx := chi.NewRouteContext()
 ctx.Base.AppendContextValue(chi.RouteCtxKey, chiCtx)
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 5f4c1e6a4..5d4b9725d 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -234,7 +234,7 @@ func TestAPISearchIssues(t *testing.T) {
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, expectedIssueCount)
- since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
+ since := "2000-01-01T00:50:01+00:00" // 946687801
 before := time.Unix(999307200, 0).Format(time.RFC3339)
 query.Add("since", since)
 query.Add("before", before)
diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index 58577a37f..560f56951 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -368,7 +368,7 @@ func TestSearchIssues(t *testing.T) {
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, expectedIssueCount)
- since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
+ since := "2000-01-01T00:50:01+00:00" // 946687801
 before := time.Unix(999307200, 0).Format(time.RFC3339)
 query := url.Values{}
 query.Add("since", since)
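Review bot: In `TestAPISearchIssues` the `since` literal was switched to the plain RFC 3339 form, but no case keeps the old percent-encoded literal to prove the server no longer decodes it a second time. Assuming the query is sent through `url.Values` encoding, a request built from `"2000-01-01T00%3A50%3A01%2B00%3A00"` should now fail time parsing on the server. Asserting that outcome would pin the fix against regression; the exact status code depends on the handler, which is not visible here. The same applies to the identical change in `TestSearchIssues` in tests/integration/issue_test.go.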