Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid double-unescaping of form value #26853

Merged
merged 3 commits into from
Sep 1, 2023

Conversation

wxiaoguang
Copy link
Contributor

  1. The old prepareQueryArg did double-unescaping of form value.
  2. By the way, remove the unnecessary ctx.Flash = ... in MockContext.

@wxiaoguang wxiaoguang added this to the 1.21.0 milestone Sep 1, 2023
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Sep 1, 2023
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Sep 1, 2023
@pull-request-size pull-request-size bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 1, 2023
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 1, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 1, 2023
@lunny lunny added the backport/v1.20 This PR should be backported to Gitea 1.20 label Sep 1, 2023
@wxiaoguang wxiaoguang added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Sep 1, 2023
@wxiaoguang wxiaoguang enabled auto-merge (squash) September 1, 2023 10:56
@GiteaBot

This comment was marked as outdated.

@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Sep 1, 2023
@wxiaoguang wxiaoguang merged commit f01bed2 into go-gitea:main Sep 1, 2023
23 checks passed
@GiteaBot
Copy link
Contributor

GiteaBot commented Sep 1, 2023

I was unable to create a backport for 1.20. @wxiaoguang, please send one manually. 🍵

go run ./contrib/backport 26853
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added the backport/manual No power to the bots! Create your backport yourself! label Sep 1, 2023
@wxiaoguang wxiaoguang deleted the fix-web-context branch September 1, 2023 12:04
wxiaoguang added a commit to wxiaoguang/gitea that referenced this pull request Sep 1, 2023
1. The old `prepareQueryArg` did double-unescaping of form value.
2. By the way, remove the unnecessary `ctx.Flash = ...` in `MockContext`.
@wxiaoguang wxiaoguang added the backport/done All backports for this PR have been created label Sep 1, 2023
wxiaoguang added a commit that referenced this pull request Sep 1, 2023
Backport #26853

The old `prepareQueryArg` did double-unescaping of form value.
zjjhot added a commit to zjjhot/gitea that referenced this pull request Sep 1, 2023
* giteaoffical/main: (22 commits)
  Use case-insensitive regex for all webpack assets (go-gitea#26867)
  restrict certificate type for builtin SSH server (go-gitea#26789)
  feat(API): add secret deletion functionality for repository (go-gitea#26808)
  Avoid double-unescaping of form value (go-gitea#26853)
  Move web/api context related testing function into a separate package (go-gitea#26859)
  Remove some unused CSS styles (go-gitea#26852)
  [skip ci] Updated translations via Crowdin
  Minor dashboard tweaks, fix flex-list margins (go-gitea#26829)
  Update team invitation email link (go-gitea#26550)
  Redirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues are disabled (go-gitea#26813)
  Remove "TODO" tasks from CSS file (go-gitea#26835)
  User details page (go-gitea#26713)
  Render code blocks in repo description (go-gitea#26830)
  Remove joinPaths function (go-gitea#26833)
  Remove polluted `.ui.right` (go-gitea#26825)
  Sync tags when adopting repos (go-gitea#26816)
  rm comment about hugo (go-gitea#26832)
  Fix filename for .spectral.yaml (go-gitea#26828)
  [skip ci] Updated translations via Crowdin
  Check blocklist for emails when adding them to account (go-gitea#26812)
  ...
nrdufour added a commit to nrdufour/home-ops that referenced this pull request Sep 8, 2023
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [docker.io/gitea/gitea](https://github.com/go-gitea/gitea) | patch | `1.20.3` -> `1.20.4` |

---

### Release Notes

<details>
<summary>go-gitea/gitea (docker.io/gitea/gitea)</summary>

### [`v1.20.4`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#1204---2023-09-08)

[Compare Source](go-gitea/gitea@v1.20.3...v1.20.4)

-   SECURITY
    -   Check blocklist for emails when adding them to account ([#&#8203;26812](go-gitea/gitea#26812)) ([#&#8203;26831](go-gitea/gitea#26831))
-   ENHANCEMENTS
    -   Add `branch_filter` to hooks API endpoints ([#&#8203;26599](go-gitea/gitea#26599)) ([#&#8203;26632](go-gitea/gitea#26632))
    -   Fix incorrect "tabindex" attributes ([#&#8203;26733](go-gitea/gitea#26733)) ([#&#8203;26734](go-gitea/gitea#26734))
    -   Use line-height: normal by default ([#&#8203;26635](go-gitea/gitea#26635)) ([#&#8203;26708](go-gitea/gitea#26708))
    -   Fix unable to display individual-level project ([#&#8203;26198](go-gitea/gitea#26198)) ([#&#8203;26636](go-gitea/gitea#26636))
-   BUGFIXES
    -   Fix wrong review requested number ([#&#8203;26784](go-gitea/gitea#26784)) ([#&#8203;26880](go-gitea/gitea#26880))
    -   Avoid double-unescaping of form value ([#&#8203;26853](go-gitea/gitea#26853)) ([#&#8203;26863](go-gitea/gitea#26863))
    -   Redirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues are disabled ([#&#8203;26813](go-gitea/gitea#26813)) ([#&#8203;26847](go-gitea/gitea#26847))
    -   Sync tags when adopting repos ([#&#8203;26816](go-gitea/gitea#26816)) ([#&#8203;26834](go-gitea/gitea#26834))
    -   Fix verifyCommits error when push a new branch ([#&#8203;26664](go-gitea/gitea#26664)) ([#&#8203;26810](go-gitea/gitea#26810))
    -   Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests ([#&#8203;26759](go-gitea/gitea#26759)) ([#&#8203;26806](go-gitea/gitea#26806))
    -   Fix some slice append usages ([#&#8203;26778](go-gitea/gitea#26778)) ([#&#8203;26798](go-gitea/gitea#26798))
    -   Add fix incorrect can_create_org_repo for org owner team ([#&#8203;26683](go-gitea/gitea#26683)) ([#&#8203;26791](go-gitea/gitea#26791))
    -   Fix bug for ctx usage ([#&#8203;26763](go-gitea/gitea#26763))
    -   Make issue template field template access correct template data ([#&#8203;26698](go-gitea/gitea#26698)) ([#&#8203;26709](go-gitea/gitea#26709))
    -   Use correct minio error ([#&#8203;26634](go-gitea/gitea#26634)) ([#&#8203;26639](go-gitea/gitea#26639))
    -   Ignore the trailing slashes when comparing oauth2 redirect_uri ([#&#8203;26597](go-gitea/gitea#26597)) ([#&#8203;26618](go-gitea/gitea#26618))
    -   Set errwriter for urfave/cli v1 ([#&#8203;26616](go-gitea/gitea#26616))
    -   Fix reopen logic for agit flow pull request ([#&#8203;26399](go-gitea/gitea#26399)) ([#&#8203;26613](go-gitea/gitea#26613))
    -   Fix context filter has no effect in dashboard ([#&#8203;26695](go-gitea/gitea#26695)) ([#&#8203;26811](go-gitea/gitea#26811))
    -   Fix being unable to use a repo that prohibits accepting PRs as a PR source. ([#&#8203;26785](go-gitea/gitea#26785)) ([#&#8203;26790](go-gitea/gitea#26790))
    -   Fix Page Not Found error ([#&#8203;26768](go-gitea/gitea#26768))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yMy4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Reviewed-on: https://git.home/nrdufour/home-ops/pulls/79
Co-authored-by: Renovate <[email protected]>
Co-committed-by: Renovate <[email protected]>
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Nov 30, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
backport/done All backports for this PR have been created backport/manual No power to the bots! Create your backport yourself! backport/v1.20 This PR should be backported to Gitea 1.20 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. type/bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants