escaping

Author: zokkis

routers/web/explore/code.go

@@ -5,6 +5,7 @@ package explore
 
 import (
 	"net/http"
+	"net/url"
 
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/base"
@@ -37,9 +38,9 @@ func Code(ctx *context.Context) {
 	queryType := ctx.FormTrim("t")
 	isMatch := queryType == "match"
 
-	ctx.Data["Keyword"] = keyword
-	ctx.Data["Language"] = language
-	ctx.Data["queryType"] = queryType
+	ctx.Data["Keyword"] = url.PathEscape(keyword)
+	ctx.Data["Language"] = url.PathEscape(language)
+	ctx.Data["queryType"] = url.PathEscape(queryType)
 	ctx.Data["PageIsViewCode"] = true
 
 	if keyword == "" {

routers/web/explore/repo.go

@@ -6,6 +6,7 @@ package explore
 import (
 	"fmt"
 	"net/http"
+	"net/url"
 
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -107,7 +108,7 @@ func RenderRepoSearch(ctx *context.Context, opts *RepoSearchOptions) {
 	ctx.Data["TopicOnly"] = topicOnly
 
 	language := ctx.FormTrim("language")
-	ctx.Data["Language"] = language
+	ctx.Data["Language"] = url.PathEscape(language)
 
 	archived := ctx.FormOptionalBool("archived")
 	ctx.Data["IsArchived"] = archived
@@ -162,7 +163,7 @@ func RenderRepoSearch(ctx *context.Context, opts *RepoSearchOptions) {
 		return
 	}
 
-	ctx.Data["Keyword"] = keyword
+	ctx.Data["Keyword"] = url.PathEscape(keyword)
 	ctx.Data["Total"] = count
 	ctx.Data["Repos"] = repos
 	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled

routers/web/org/home.go

@@ -5,6 +5,7 @@ package org
 
 import (
 	"net/http"
+	"net/url"
 	"path"
 	"strings"
 
@@ -59,7 +60,7 @@ func Home(ctx *context.Context) {
 	}
 
 	var orderBy db.SearchOrderBy
-	ctx.Data["SortType"] = ctx.FormString("sort")
+	ctx.Data["SortType"] = url.PathEscape(ctx.FormString("sort"))
 	switch ctx.FormString("sort") {
 	case "newest":
 		orderBy = db.SearchOrderByNewest
@@ -87,10 +88,10 @@ func Home(ctx *context.Context) {
 	}
 
 	keyword := ctx.FormTrim("q")
-	ctx.Data["Keyword"] = keyword
+	ctx.Data["Keyword"] = url.PathEscape(keyword)
 
 	language := ctx.FormTrim("language")
-	ctx.Data["Language"] = language
+	ctx.Data["Language"] = url.PathEscape(language)
 
 	page := ctx.FormInt("page")
 	if page <= 0 {

routers/web/repo/search.go

@@ -5,6 +5,7 @@ package repo
 
 import (
 	"net/http"
+	"net/url"
 
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
@@ -27,9 +28,9 @@ func Search(ctx *context.Context) {
 	queryType := ctx.FormTrim("t")
 	isMatch := queryType == "match"
 
-	ctx.Data["Keyword"] = keyword
-	ctx.Data["Language"] = language
-	ctx.Data["queryType"] = queryType
+	ctx.Data["Keyword"] = url.PathEscape(keyword)
+	ctx.Data["Language"] = url.PathEscape(language)
+	ctx.Data["queryType"] = url.PathEscape(queryType)
 	ctx.Data["PageIsViewCode"] = true
 
 	if keyword == "" {

routers/web/user/code.go

@@ -5,6 +5,7 @@ package user
 
 import (
 	"net/http"
+	"net/url"
 
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/base"
@@ -42,9 +43,9 @@ func CodeSearch(ctx *context.Context) {
 	queryType := ctx.FormTrim("t")
 	isMatch := queryType == "match"
 
-	ctx.Data["Keyword"] = keyword
-	ctx.Data["Language"] = language
-	ctx.Data["queryType"] = queryType
+	ctx.Data["Keyword"] = url.PathEscape(keyword)
+	ctx.Data["Language"] = url.PathEscape(language)
+	ctx.Data["queryType"] = url.PathEscape(queryType)
 	ctx.Data["IsCodePage"] = true
 
 	if keyword == "" {

routers/web/user/profile.go

@@ -7,6 +7,7 @@ package user
 import (
 	"fmt"
 	"net/http"
+	"net/url"
 	"path"
 	"strings"
 
@@ -137,10 +138,10 @@ func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileDb
 	}
 
 	keyword := ctx.FormTrim("q")
-	ctx.Data["Keyword"] = keyword
+	ctx.Data["Keyword"] = url.PathEscape(keyword)
 
 	language := ctx.FormTrim("language")
-	ctx.Data["Language"] = language
+	ctx.Data["Language"] = url.PathEscape(language)
 
 	followers, numFollowers, err := user_model.GetUserFollowers(ctx, ctx.ContextUser, ctx.Doer, db.ListOptions{
 		PageSize: pagingNum,

templates/shared/repo_search.tmpl

@@ -16,7 +16,7 @@
 	{{if not .TabName}}{{$tabQuery = ""}}{{end}}
 	{{$languageQuery := printf "language=%s&" .Language}}
 	{{if not .TabName}}{{$languageQuery = ""}}{{end}}
-	{{$queryParams := (printf "%s%sq=%s" $tabQuery $languageQuery .Keyword) | PathEscape}}
+	{{$queryParams := printf "%s%sq=%s" $tabQuery $languageQuery .Keyword}}
 	<!-- Filter -->
 	{{$queryParamsWithSort := printf "%s&sort=%s" $queryParams .SortType}}
 	<form class="ui form ignore-dirty" id="repo-search-form" data-query-params="{{$queryParamsWithSort}}">
@@ -26,7 +26,7 @@
 			</span>
 			{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 			<div class="menu">
-				<a class="item" href="{{printf "%s?%s" (.Link | PathEscapeSegments) $queryParamsWithSort}}">{{ctx.Locale.Tr "filter.clear"}}</a>
+				<a class="item" href="{{printf "%s?%s" .Link $queryParamsWithSort}}">{{ctx.Locale.Tr "filter.clear"}}</a>
 				<div class="divider"></div>
 				<label class="item"><input type="radio" name="archived" {{if .IsArchived.IsTrue}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.is_archived"}}</label>
 				<label class="item"><input type="radio" name="archived" {{if .IsArchived.IsFalse}}checked{{end}} value="0"> {{ctx.Locale.Tr "filter.not_archived"}}</label>
@@ -52,7 +52,7 @@
 		</span>
 		{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 		<div class="menu">
-			{{$href := printf "%s?%s" (.Link | PathEscapeSegments) $queryParams}}
+			{{$href := printf "%s?%s" .Link $queryParams}}
 			<a class="{{if eq .SortType "newest"}}active {{end}}item" href="{{$href}}&sort=newest">{{ctx.Locale.Tr "repo.issues.filter_sort.latest"}}</a>
 			<a class="{{if eq .SortType "oldest"}}active {{end}}item" href="{{$href}}&sort=oldest">{{ctx.Locale.Tr "repo.issues.filter_sort.oldest"}}</a>
 			<a class="{{if eq .SortType "alphabetically"}}active {{end}}item" href="{{$href}}&sort=alphabetically">{{ctx.Locale.Tr "repo.issues.label.filter_sort.alphabetically"}}</a>