Clean up various use of escape/unescape functions for URL generation

[mrsdizzie]

Edit:
This is a pull request to clean up various uses of escape/unescape functions such as PathEscape/QueryEscape (and their Unescape partners).

Gitea currently fails on most 'pathological' cases as shown here:
#6225 (comment)

This fixes those by introducing a new function PathEscapeSegments that runs PathEscape on each segment of a path while leaving the forward slash in place. In theory should fix any 404/500 errors that are a result of bad escaping (as in examples above).

This touches a lot but should change very little since it is ultimately using the same PathEscape function underneath.

Fixes #6333

[zeripath]

This is only a partial fix.

You need to go through the rest of the code that generates these paths and use something similar to url.PathEscape - basically one that escapes everything url.PathEscape does except for / which can remain the same (as we can tolerate this). I think templates.EscapePound is intended for this but you should check it actually does everything it should - I worry that there may be missing bits that could bite us later.

Ideally we should move the generation of compare paths into some kind of helper function so that if we change the compare url again we can just change it in one place and one place only (or very easy find where it's being used.) Perhaps use the Repository.ComposeCompareURL function.

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@c151682). Click here to learn what that means.
The diff coverage is 56%.

@@            Coverage Diff            @@
##             master    #6334   +/-   ##
=========================================
  Coverage          ?   38.88%           
=========================================
  Files             ?      364           
  Lines             ?    51215           
  Branches          ?        0           
=========================================
  Hits              ?    19916           
  Misses            ?    28432           
  Partials          ?     2867

Impacted Files	Coverage Δ
modules/util/util.go	65.21% <ø> (ø)
modules/context/repo.go	58.4% <0%> (ø)
routers/home.go	45.45% <0%> (ø)
routers/private/repository.go	25.86% <0%> (ø)
modules/context/context.go	50% <0%> (ø)
models/repo.go	47.44% <100%> (ø)
routers/repo/pull.go	34.24% <100%> (ø)
modules/context/auth.go	26.08% <33.33%> (ø)
modules/util/url.go	69.44% <69.44%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c151682...120f7f7. Read the comment docs.

[mrsdizzie]

Ah I see yes I see what you mean, I can fix that.

I do feel a bit weary to use this:

gitea/modules/templates/helper.go

Lines 115 to 117 in e09fe48

	"EscapePound": func(str string) string {
	return strings.NewReplacer("%", "%25", "#", "%23", " ", "%20", "?", "%3F").Replace(str)
	},

To replace existing code (and choosing it vs PathEscape). Are those really the only 4 things that need to be escaped? Or to put it another way, is there a known reason to want to write an alternative Escape function? Does PathEscape do things that are unwanted in particular situations?

I see EscapePound is only used in templates now where as theres a mix of QueryEscape and PathEscape in the code.

[zeripath]

So PathEscape will escape / which is not wanted in branch names.

[mrsdizzie]

Ah I see yea that is no good. What do you think of a function that would just call PathEscape on everything but a /

func GiteaEscapePath(path string) string {

	slice := strings.Split(path, "/")
	for index := range slice {
		slice[index] = url.PathEscape(slice[index])
	}
	escapedPath := strings.Join(slice, "/")
	return escapedPath
}

Input: /this/is/my "stra"nge#/pa?h/ 
Output: /this/is/my%20%22stra%22nge%23/pa%3Fh/
Input: release/v1.7 
Output: release/v1.7

So just eliminating the one thing we don't like about PathEscape rather than trying to recreate all the things we would want.

[zeripath]

An alternative would be to run PathEscape and then replace all %2F with /.

The main question is which is more understandable.

[mrsdizzie]

I like the split method because it feels more intentional that we are really only interested in operating on the segments of a path rather than the path string as a whole (and it feels weird to replace something and then try to replace it back). a PathSegmentEscape if you will :)

I think either method would just require a short comment like // we don't want escaped forward slashes and that would probably be 'clear enough'.

[zeripath]

Anyway, I would be delighted if we could migrate to using the correct functions in the correct places. I.e. QueryEscape in queries, PathEscape in a path segment, GiteaPathEscape (or maybe PathSegmentsEscape?) in things that represent a multiple path segments.

I too am deeply suspicious about EscapePound.

[mrsdizzie]

Where would be the preferred place to define a new somewhat general use function like this?

[mrsdizzie]

OK, made all of the discussed changes and have edited the description of this PR per the requested scope.

[zeripath]

This one should be url.PathEscape - although we don't allow / in names at present we might in future

[mrsdizzie]

done

[zeripath]

ownerName and repoName should be url.PathEscape and branchName should be escaped with util.PathEscapeSegments

[mrsdizzie]

done

[zeripath]

url.PathEscape

[mrsdizzie]

done

[zeripath]

url.PathEscape

[mrsdizzie]

done

[zeripath]

These ones are actually in a query so url.QueryEscape is the correct thing.

[mrsdizzie]

done

[zeripath]

ctx.QueryTrim will already unescape its contents so you don't actually need to unescape these.

[mrsdizzie]

removed that call. Included a check if baseBranch is empty to preserve the error handling at this point.

[zeripath]

ctx.QueryTrim will already unescape its contents so you don't actually need to unescape these.

[mrsdizzie]

same as above

[zeripath]

It might be sensible to change models/repo.go Repository.ComposeCompareUrl to use the new path escape segments too.

[zeripath]

Just check that this doesn't break. I put the PathEscape in recently and it worked for branches with subpaths.

[mrsdizzie]

Yes, this still works the same and as a bonus makes the logging a tiny bit more clear (though both should work fine here). With just PathEscape, you end up with a log like:

GetProtectedBranchBy: http://localhost:3000/api/internal/branch/3/refs%2Ftags%2Fdebian%2F1%251.6.0-4

And with PathEscapeSegments you end up with:

GetProtectedBranchBy: http://localhost:3000/api/internal/branch/3/refs/tags/debian/1%251.6.0-3

Since we tolerate the forward slashes in a URL anyway the second choice seems preferable for clarity and consistency with how we escape the branchName in other places now.

[lunny]

A package named util is not a good idea maybe we could change this and begin from this PR?

[mrsdizzie]

util does feel right for something like this but I assume the advice is to not re-use common stdlib names in general? What namespace would be preferred here?

I'm not very good at naming things, perhaps just a generic 'gitea' for these utility type functions that are local to this project

gitea.PathEscapeSegments(myString)

Not very clever but at least obvious to where it comes from. Lemme know what makes sense and I can update this PR.

If the name needs more thought/feedback, I think it would be better to add this PR 'as is' and create a second PR for changing the name of the currently used modules/util since this will fix a few existing bugs.

[zeripath]

@lunny I think it's reasonable to continue using the util module here. We should refactor the module later as a separate pr.

[lunny]

I think we could create a new package named module/url for all url related functions. But It's OK for another PR to do that.