-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid double-unescaping of form value #26853
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GiteaBot
added
the
lgtm/need 2
This PR needs two approvals by maintainers to be considered for merging.
label
Sep 1, 2023
pull-request-size
bot
added
the
size/S
Denotes a PR that changes 10-29 lines, ignoring generated files.
label
Sep 1, 2023
wxiaoguang
force-pushed
the
fix-web-context
branch
from
September 1, 2023 02:53
3328d16
to
16ad823
Compare
pull-request-size
bot
added
size/M
Denotes a PR that changes 30-99 lines, ignoring generated files.
and removed
size/S
Denotes a PR that changes 10-29 lines, ignoring generated files.
labels
Sep 1, 2023
silverwind
approved these changes
Sep 1, 2023
GiteaBot
added
lgtm/need 1
This PR needs approval from one additional maintainer to be merged.
and removed
lgtm/need 2
This PR needs two approvals by maintainers to be considered for merging.
labels
Sep 1, 2023
lunny
approved these changes
Sep 1, 2023
GiteaBot
added
lgtm/done
This PR has enough approvals to get merged. There are no important open reservations anymore.
and removed
lgtm/need 1
This PR needs approval from one additional maintainer to be merged.
labels
Sep 1, 2023
wxiaoguang
added
the
reviewed/wait-merge
This pull request is part of the merge queue. It will be merged soon.
label
Sep 1, 2023
This comment was marked as outdated.
This comment was marked as outdated.
GiteaBot
removed
the
reviewed/wait-merge
This pull request is part of the merge queue. It will be merged soon.
label
Sep 1, 2023
I was unable to create a backport for 1.20. @wxiaoguang, please send one manually. 🍵
|
GiteaBot
added
the
backport/manual
No power to the bots! Create your backport yourself!
label
Sep 1, 2023
wxiaoguang
added a commit
to wxiaoguang/gitea
that referenced
this pull request
Sep 1, 2023
1. The old `prepareQueryArg` did double-unescaping of form value. 2. By the way, remove the unnecessary `ctx.Flash = ...` in `MockContext`.
wxiaoguang
added a commit
that referenced
this pull request
Sep 1, 2023
zjjhot
added a commit
to zjjhot/gitea
that referenced
this pull request
Sep 1, 2023
* giteaoffical/main: (22 commits) Use case-insensitive regex for all webpack assets (go-gitea#26867) restrict certificate type for builtin SSH server (go-gitea#26789) feat(API): add secret deletion functionality for repository (go-gitea#26808) Avoid double-unescaping of form value (go-gitea#26853) Move web/api context related testing function into a separate package (go-gitea#26859) Remove some unused CSS styles (go-gitea#26852) [skip ci] Updated translations via Crowdin Minor dashboard tweaks, fix flex-list margins (go-gitea#26829) Update team invitation email link (go-gitea#26550) Redirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues are disabled (go-gitea#26813) Remove "TODO" tasks from CSS file (go-gitea#26835) User details page (go-gitea#26713) Render code blocks in repo description (go-gitea#26830) Remove joinPaths function (go-gitea#26833) Remove polluted `.ui.right` (go-gitea#26825) Sync tags when adopting repos (go-gitea#26816) rm comment about hugo (go-gitea#26832) Fix filename for .spectral.yaml (go-gitea#26828) [skip ci] Updated translations via Crowdin Check blocklist for emails when adding them to account (go-gitea#26812) ...
nrdufour
added a commit
to nrdufour/home-ops
that referenced
this pull request
Sep 8, 2023
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/gitea/gitea](https://github.com/go-gitea/gitea) | patch | `1.20.3` -> `1.20.4` | --- ### Release Notes <details> <summary>go-gitea/gitea (docker.io/gitea/gitea)</summary> ### [`v1.20.4`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#1204---2023-09-08) [Compare Source](go-gitea/gitea@v1.20.3...v1.20.4) - SECURITY - Check blocklist for emails when adding them to account ([#​26812](go-gitea/gitea#26812)) ([#​26831](go-gitea/gitea#26831)) - ENHANCEMENTS - Add `branch_filter` to hooks API endpoints ([#​26599](go-gitea/gitea#26599)) ([#​26632](go-gitea/gitea#26632)) - Fix incorrect "tabindex" attributes ([#​26733](go-gitea/gitea#26733)) ([#​26734](go-gitea/gitea#26734)) - Use line-height: normal by default ([#​26635](go-gitea/gitea#26635)) ([#​26708](go-gitea/gitea#26708)) - Fix unable to display individual-level project ([#​26198](go-gitea/gitea#26198)) ([#​26636](go-gitea/gitea#26636)) - BUGFIXES - Fix wrong review requested number ([#​26784](go-gitea/gitea#26784)) ([#​26880](go-gitea/gitea#26880)) - Avoid double-unescaping of form value ([#​26853](go-gitea/gitea#26853)) ([#​26863](go-gitea/gitea#26863)) - Redirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues are disabled ([#​26813](go-gitea/gitea#26813)) ([#​26847](go-gitea/gitea#26847)) - Sync tags when adopting repos ([#​26816](go-gitea/gitea#26816)) ([#​26834](go-gitea/gitea#26834)) - Fix verifyCommits error when push a new branch ([#​26664](go-gitea/gitea#26664)) ([#​26810](go-gitea/gitea#26810)) - Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests ([#​26759](go-gitea/gitea#26759)) ([#​26806](go-gitea/gitea#26806)) - Fix some slice append usages ([#​26778](go-gitea/gitea#26778)) ([#​26798](go-gitea/gitea#26798)) - Add fix incorrect can_create_org_repo for org owner team ([#​26683](go-gitea/gitea#26683)) ([#​26791](go-gitea/gitea#26791)) - Fix bug for ctx usage ([#​26763](go-gitea/gitea#26763)) - Make issue template field template access correct template data ([#​26698](go-gitea/gitea#26698)) ([#​26709](go-gitea/gitea#26709)) - Use correct minio error ([#​26634](go-gitea/gitea#26634)) ([#​26639](go-gitea/gitea#26639)) - Ignore the trailing slashes when comparing oauth2 redirect_uri ([#​26597](go-gitea/gitea#26597)) ([#​26618](go-gitea/gitea#26618)) - Set errwriter for urfave/cli v1 ([#​26616](go-gitea/gitea#26616)) - Fix reopen logic for agit flow pull request ([#​26399](go-gitea/gitea#26399)) ([#​26613](go-gitea/gitea#26613)) - Fix context filter has no effect in dashboard ([#​26695](go-gitea/gitea#26695)) ([#​26811](go-gitea/gitea#26811)) - Fix being unable to use a repo that prohibits accepting PRs as a PR source. ([#​26785](go-gitea/gitea#26785)) ([#​26790](go-gitea/gitea#26790)) - Fix Page Not Found error ([#​26768](go-gitea/gitea#26768)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yMy4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Reviewed-on: https://git.home/nrdufour/home-ops/pulls/79 Co-authored-by: Renovate <[email protected]> Co-committed-by: Renovate <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
backport/done
All backports for this PR have been created
backport/manual
No power to the bots! Create your backport yourself!
backport/v1.20
This PR should be backported to Gitea 1.20
lgtm/done
This PR has enough approvals to get merged. There are no important open reservations anymore.
size/M
Denotes a PR that changes 30-99 lines, ignoring generated files.
type/bug
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
prepareQueryArg
did double-unescaping of form value.ctx.Flash = ...
inMockContext
.