@@ -11,7 +11,6 @@ import (
11
11
"net/http"
12
12
"os"
13
13
"path"
14
- "path/filepath"
15
14
"strings"
16
15
17
16
"code.gitea.io/gitea/modules/context"
@@ -27,6 +26,8 @@ import (
27
26
)
28
27
29
28
func storageHandler (storageSetting setting.Storage , prefix string , objStore storage.ObjectStorage ) func (next http.Handler ) http.Handler {
29
+ prefix = strings .Trim (prefix , "/" )
30
+
30
31
return func (next http.Handler ) http.Handler {
31
32
if storageSetting .ServeDirect {
32
33
return http .HandlerFunc (func (w http.ResponseWriter , req * http.Request ) {
@@ -35,12 +36,14 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor
35
36
return
36
37
}
37
38
38
- if ! strings .HasPrefix (req .URL .RequestURI () , "/" + prefix ) {
39
+ if ! strings .HasPrefix (req .URL .Path , "/" + prefix + "/" ) {
39
40
next .ServeHTTP (w , req )
40
41
return
41
42
}
42
43
43
- rPath := strings .TrimPrefix (req .URL .RequestURI (), "/" + prefix )
44
+ rPath := strings .TrimPrefix (req .URL .Path , "/" + prefix + "/" )
45
+ rPath = path .Clean ("/" + strings .ReplaceAll (rPath , "\\ " , "/" ))[1 :]
46
+
44
47
u , err := objStore .URL (rPath , path .Base (rPath ))
45
48
if err != nil {
46
49
if os .IsNotExist (err ) || errors .Is (err , os .ErrNotExist ) {
@@ -52,11 +55,12 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor
52
55
http .Error (w , fmt .Sprintf ("Error whilst getting URL for %s %s" , prefix , rPath ), 500 )
53
56
return
54
57
}
58
+
55
59
http .Redirect (
56
60
w ,
57
61
req ,
58
62
u .String (),
59
- 301 ,
63
+ http . StatusMovedPermanently ,
60
64
)
61
65
})
62
66
}
@@ -67,28 +71,24 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor
67
71
return
68
72
}
69
73
70
- prefix := strings .Trim (prefix , "/" )
71
-
72
- if ! strings .HasPrefix (req .URL .EscapedPath (), "/" + prefix + "/" ) {
74
+ if ! strings .HasPrefix (req .URL .Path , "/" + prefix + "/" ) {
73
75
next .ServeHTTP (w , req )
74
76
return
75
77
}
76
78
77
- rPath := strings .TrimPrefix (req .URL .EscapedPath () , "/" + prefix + "/" )
78
- rPath = strings .TrimPrefix (rPath , "/" )
79
+ rPath := strings .TrimPrefix (req .URL .Path , "/" + prefix + "/" )
80
+ rPath = path . Clean ( "/" + strings .ReplaceAll (rPath , "\\ " , " /" ))[ 1 :]
79
81
if rPath == "" {
80
82
http .Error (w , "file not found" , 404 )
81
83
return
82
84
}
83
- rPath = path .Clean ("/" + filepath .ToSlash (rPath ))
84
- rPath = rPath [1 :]
85
85
86
86
fi , err := objStore .Stat (rPath )
87
87
if err == nil && httpcache .HandleTimeCache (req , w , fi ) {
88
88
return
89
89
}
90
90
91
- //If we have matched and access to release or issue
91
+ // If we have matched and access to release or issue
92
92
fr , err := objStore .Open (rPath )
93
93
if err != nil {
94
94
if os .IsNotExist (err ) || errors .Is (err , os .ErrNotExist ) {
@@ -121,7 +121,7 @@ func (d *dataStore) GetData() map[string]interface{} {
121
121
// Recovery returns a middleware that recovers from any panics and writes a 500 and a log if so.
122
122
// This error will be created with the gitea 500 page.
123
123
func Recovery () func (next http.Handler ) http.Handler {
124
- var rnd = templates .HTMLRenderer ()
124
+ rnd : = templates .HTMLRenderer ()
125
125
return func (next http.Handler ) http.Handler {
126
126
return http .HandlerFunc (func (w http.ResponseWriter , req * http.Request ) {
127
127
defer func () {
@@ -131,14 +131,14 @@ func Recovery() func(next http.Handler) http.Handler {
131
131
132
132
sessionStore := session .GetSession (req )
133
133
134
- var lc = middleware .Locale (w , req )
135
- var store = dataStore {
134
+ lc : = middleware .Locale (w , req )
135
+ store : = dataStore {
136
136
"Language" : lc .Language (),
137
137
"CurrentURL" : setting .AppSubURL + req .URL .RequestURI (),
138
138
"i18n" : lc ,
139
139
}
140
140
141
- var user = context .GetContextUser (req )
141
+ user : = context .GetContextUser (req )
142
142
if user == nil {
143
143
// Get user from session if logged in - do not attempt to sign-in
144
144
user = auth .SessionUser (sessionStore )
0 commit comments