-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
links in search results are not escaped #22740
Comments
That's a bug. I think #22741 will fix it. |
🤦Fortunately despite this being yet another escaping bug I don't think this could result in a security issue. |
zeripath
pushed a commit
that referenced
this issue
Feb 4, 2023
yardenshoham
pushed a commit
to yardenshoham/gitea
that referenced
this issue
Feb 4, 2023
wxiaoguang
added a commit
to wxiaoguang/gitea
that referenced
this issue
Feb 4, 2023
zeripath
pushed a commit
that referenced
this issue
Feb 6, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
New gitea installation:
Gitea-Version
1.18.2 built with GNU Make 4.3, go1.19.5 : bindata, timetzdata, sqlite, sqlite_unlock_notify
Git-Version 2.36.4, Wire Protocol Version 2 Enabled
We're trying to use it together with abapGit for custom developments on an SAP system.
Because of the way abapGit and SAP work, the resulting filenames on the gitea server (or on any git server) would have slashes in them: for this reason, during serialization and push they’re replaced by hashmarks as follows:
Original SAP object: /SOFTW/ZTOPREP (that would be program ZTOPREP under the /SOFTW namespace)
Serialized content on the git server: /src/#softw#ztoprep.prog.abap
So far, so good: both abapGit and gitea seem to be fine with it; when browsing folders on gitea, that also works ok: the hashmarks are escaped, links are active and lead to the correct object. Notice the "%23" in the lower left corner:
The problem comes up in search results: here hashmarks are NOT escaped, so they end up working as anchors and lead to the wrong object, typically the toplevel folder / package
Is it something that can / should be configured in our installation or just a bug / missing feature?
Gitea Version
1.18.2
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
2.36.4
Operating System
Ubuntu 22.04.1 LTS
How are you running Gitea?
Running gitea/gitea:latest ( sha256:86b1df821fa31475f7720f2e8b86b386fb48a1acf40e941cd8d077a9230d4578 ) on Docker 20.10.23 (API: 1.41), with Postgresql 14.6-1.pgdg110+1
Database
PostgreSQL
The text was updated successfully, but these errors were encountered: