gitea

public/gitea

Fork 0

mirror of https://github.com/go-gitea/gitea.git synced 2026-05-06 04:01:05 +09:00

Commit Graph

Author	SHA1	Message	Date
wxiaoguang	aee6628bf5	Fix URL related escaping for oauth2 (#37334 ) Follow up #37327. See the comments. * Root problem: the design of OAuth2 providers is a mess, the display name is used as provider's name and used in the URL directly * The regressions: * When trying to fix https://github.com/go-gitea/gitea/issues/36409 , it introduced inconsistent URL escaping for the "path" part. * This fix: always use "path escaping" for the path part, add more tests to cover all escaping cases. Now, frontend "pathEscape" and "pathEscapeSegments" generate exactly the same result as backend.	2026-04-21 23:58:32 +08:00
wxiaoguang	71360a94cb	Address some CodeQL security concerns (#35572 ) Although there is no real security problem	2025-10-04 01:21:26 +08:00
wxiaoguang	2a828e2798	Clarify path param naming (#32969 ) In history (from some legacy frameworks), both `:name` and `name` are supported as path path name, `:name` is an alias to `name`. To make code consistent, now we should only use `name` but not `:name`. Also added panic check in related functions to make sure the name won't be abused in case some downstreams still use them.	2024-12-24 13:47:45 +00:00

Author

SHA1

Message

Date

wxiaoguang

aee6628bf5

Fix URL related escaping for oauth2 (#37334 )

Follow up #37327. See the comments.

* Root problem: the design of OAuth2 providers is a mess, the display
name is used as provider's name and used in the URL directly
* The regressions:
* When trying to fix https://github.com/go-gitea/gitea/issues/36409 , it
introduced inconsistent URL escaping for the "path" part.
* This fix: always use "path escaping" for the path part, add more tests
to cover all escaping cases.

Now, frontend "pathEscape" and "pathEscapeSegments" generate exactly the
same result as backend.

2026-04-21 23:58:32 +08:00

wxiaoguang

71360a94cb

Address some CodeQL security concerns (#35572 )

Although there is no real security problem

2025-10-04 01:21:26 +08:00

wxiaoguang

2a828e2798

Clarify path param naming (#32969 )

In history (from some legacy frameworks), both `:name` and `name` are
supported as path path name, `:name` is an alias to `name`.

To make code consistent, now we should only use `name` but not `:name`.

Also added panic check in related functions to make sure the name won't
be abused in case some downstreams still use them.

2024-12-24 13:47:45 +00:00

3 Commits