Skip to content

Commit 872d308

Browse files
jpraetjpraet
authored
escape branch names in compare url (#14364)
1 parent 66e426b commit 872d308

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

routers/repo/editor.go

+5-5
Original file line numberDiff line numberDiff line change
@@ -287,7 +287,7 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
287287
} else if models.IsErrCommitIDDoesNotMatch(err) {
288288
ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_editing", ctx.Repo.RepoLink+"/compare/"+form.LastCommit+"..."+ctx.Repo.CommitID), tplEditFile, &form)
289289
} else if git.IsErrPushOutOfDate(err) {
290-
ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_editing", ctx.Repo.RepoLink+"/compare/"+form.LastCommit+"..."+form.NewBranchName), tplEditFile, &form)
290+
ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_editing", ctx.Repo.RepoLink+"/compare/"+form.LastCommit+"..."+util.PathEscapeSegments(form.NewBranchName)), tplEditFile, &form)
291291
} else if git.IsErrPushRejected(err) {
292292
errPushRej := err.(*git.ErrPushRejected)
293293
if len(errPushRej.Message) == 0 {
@@ -319,7 +319,7 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
319319
}
320320

321321
if form.CommitChoice == frmCommitChoiceNewBranch && ctx.Repo.Repository.UnitEnabled(models.UnitTypePullRequests) {
322-
ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + ctx.Repo.BranchName + "..." + form.NewBranchName)
322+
ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + util.PathEscapeSegments(ctx.Repo.BranchName) + "..." + util.PathEscapeSegments(form.NewBranchName))
323323
} else {
324324
ctx.Redirect(ctx.Repo.RepoLink + "/src/branch/" + util.PathEscapeSegments(branchName) + "/" + util.PathEscapeSegments(form.TreePath))
325325
}
@@ -500,7 +500,7 @@ func DeleteFilePost(ctx *context.Context, form auth.DeleteRepoFileForm) {
500500

501501
ctx.Flash.Success(ctx.Tr("repo.editor.file_delete_success", ctx.Repo.TreePath))
502502
if form.CommitChoice == frmCommitChoiceNewBranch && ctx.Repo.Repository.UnitEnabled(models.UnitTypePullRequests) {
503-
ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + ctx.Repo.BranchName + "..." + form.NewBranchName)
503+
ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + util.PathEscapeSegments(ctx.Repo.BranchName) + "..." + util.PathEscapeSegments(form.NewBranchName))
504504
} else {
505505
treePath := filepath.Dir(ctx.Repo.TreePath)
506506
if treePath == "." {
@@ -677,7 +677,7 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
677677
branchErr := err.(models.ErrBranchAlreadyExists)
678678
ctx.RenderWithErr(ctx.Tr("repo.editor.branch_already_exists", branchErr.BranchName), tplUploadFile, &form)
679679
} else if git.IsErrPushOutOfDate(err) {
680-
ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_editing", ctx.Repo.RepoLink+"/compare/"+ctx.Repo.CommitID+"..."+form.NewBranchName), tplUploadFile, &form)
680+
ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_editing", ctx.Repo.RepoLink+"/compare/"+ctx.Repo.CommitID+"..."+util.PathEscapeSegments(form.NewBranchName)), tplUploadFile, &form)
681681
} else if git.IsErrPushRejected(err) {
682682
errPushRej := err.(*git.ErrPushRejected)
683683
if len(errPushRej.Message) == 0 {
@@ -703,7 +703,7 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
703703
}
704704

705705
if form.CommitChoice == frmCommitChoiceNewBranch && ctx.Repo.Repository.UnitEnabled(models.UnitTypePullRequests) {
706-
ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + ctx.Repo.BranchName + "..." + form.NewBranchName)
706+
ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + util.PathEscapeSegments(ctx.Repo.BranchName) + "..." + util.PathEscapeSegments(form.NewBranchName))
707707
} else {
708708
ctx.Redirect(ctx.Repo.RepoLink + "/src/branch/" + util.PathEscapeSegments(branchName) + "/" + util.PathEscapeSegments(form.TreePath))
709709
}

0 commit comments

Comments
 (0)