
Commit e8da63c

Avoid double-unescaping of form value (#26853) (#26863)
Backport #26853. The old `prepareQueryArg` double-unescaped the form value.
1 parent 93c36f3 commit e8da63c


3 files changed

+6
-23
lines changed


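--- a/modules/context/utils.go
+++ b/modules/context/utils.go
@@ -4,37 +4,27 @@
 package context
 
 import (
-"net/url"
 "strings"
 "time"
 )
 
 // GetQueryBeforeSince return parsed time (unix format) from URL query's before and since
 func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
-qCreatedBefore, err := prepareQueryArg(ctx, "before")
+before, err = parseFormTime(ctx, "before")
 if err != nil {
 return 0, 0, err
 }
 
-qCreatedSince, err := prepareQueryArg(ctx, "since")
-if err != nil {
-return 0, 0, err
-}
-
-before, err = parseTime(qCreatedBefore)
-if err != nil {
-return 0, 0, err
-}
-
-since, err = parseTime(qCreatedSince)
+since, err = parseFormTime(ctx, "since")
 if err != nil {
 return 0, 0, err
 }
 return before, since, nil
 }
 
 // parseTime parse time and return unix timestamp
-func parseTime(value string) (int64, error) {
+func parseFormTime(ctx *Base, name string) (int64, error) {
+value := strings.TrimSpace(ctx.FormString(name))
 if len(value) != 0 {
 t, err := time.Parse(time.RFC3339, value)
 if err != nil {
@@ -46,10 +36,3 @@ func parseTime(value string) (int64, error) {
 }
 return 0, nil
 }
-
-// prepareQueryArg unescape and trim a query arg
-func prepareQueryArg(ctx *Base, name string) (value string, err error) {
-value, err = url.PathUnescape(ctx.FormString(name))
-value = strings.TrimSpace(value)
-return value, err
-}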
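Review bot: The doc comment kept above `parseFormTime` still names `parseTime` and no longer matches the function, which now reads the form value itself instead of taking a string. Since this commit exists to stop a second unescape, the comment is the natural place to record that invariant, for example `// parseFormTime parses the form value name as RFC3339 and returns its unix timestamp (0 if empty); the value comes from ctx.FormString and must not be unescaped again.` Decoding an already-decoded value is a canonicalization hazard in general, so spelling this out helps keep a later refactor from reintroducing `url.PathUnescape` here. The middle of the function body lies between the two hunks and is not visible on this page.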

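--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -234,7 +234,7 @@ func TestAPISearchIssues(t *testing.T) {
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, expectedIssueCount)
 
-since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
+since := "2000-01-01T00:50:01+00:00" // 946687801
 before := time.Unix(999307200, 0).Format(time.RFC3339)
 query.Add("since", since)
 query.Add("before", before)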
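Review bot: Only the accepted form of `since` is exercised after this change, so nothing in the test pins the behaviour the fix is about. A companion case that sends the previous percent-encoded literal (`"2000-01-01T00%3A50%3A01%2B00%3A00"`) and asserts that the search does not treat it as a valid timestamp would catch a reintroduced second unescape. The same applies to the matching change in `tests/integration/issue_test.go`. How `query` is turned into the request URL is outside the hunk, so this assumes it goes through the usual `url.Values` encoding.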

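--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -368,7 +368,7 @@ func TestSearchIssues(t *testing.T) {
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, expectedIssueCount)
 
-since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
+since := "2000-01-01T00:50:01+00:00" // 946687801
 before := time.Unix(999307200, 0).Format(time.RFC3339)
 query := url.Values{}
 query.Add("since", since)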
