Commit e2ba5727 authored by Jacob Vosmaer's avatar Jacob Vosmaer

Merge branch 'route-encoded-slashes' into 'master'

Fix routing for encoded slashes

It seems URI.Path gets unescaped. URI.EscapePath() contains the `%2F` we want.

Also see https://gitlab.com/gitlab-org/gitlab-ce/issues/4124

See merge request !23
parents bd5ec001 25e64b1a
......@@ -12,6 +12,7 @@ import (
"os/exec"
"path"
"regexp"
"strings"
"testing"
"time"
)
......@@ -196,6 +197,29 @@ func TestAllowedApiDownloadZip(t *testing.T) {
runOrFail(t, extractCmd)
}
func TestAllowedApiDownloadZipWithSlash(t *testing.T) {
prepareDownloadDir(t)
// Prepare test server and backend
archiveName := "foobar.zip"
ts := testAuthServer(nil, 200, archiveOkBody(t, archiveName))
defer ts.Close()
ws := startWorkhorseServer(ts.URL)
defer ws.Close()
// Use foo%2Fbar instead of a numeric ID
downloadCmd := exec.Command("curl", "-J", "-O", fmt.Sprintf("%s/api/v3/projects/foo%%2Fbar/repository/archive.zip", ws.URL))
if !strings.Contains(downloadCmd.Args[3], `projects/foo%2Fbar/repository`) {
t.Fatalf("Cannot find percent-2F: %v", downloadCmd.Args)
}
downloadCmd.Dir = scratchDir
runOrFail(t, downloadCmd)
extractCmd := exec.Command("unzip", archiveName)
extractCmd.Dir = scratchDir
runOrFail(t, extractCmd)
}
func TestDownloadCacheHit(t *testing.T) {
prepareDownloadDir(t)
......
......@@ -107,7 +107,7 @@ func (u *upstream) ServeHTTP(ow http.ResponseWriter, r *http.Request) {
}
// Check URL Root
URIPath := cleanURIPath(r.URL.Path)
URIPath := cleanURIPath(r.URL.EscapedPath())
if !strings.HasPrefix(URIPath, u.relativeURLRoot) && URIPath+"/" != u.relativeURLRoot {
httpError(&w, r, fmt.Sprintf("Not found %q", URIPath), http.StatusNotFound)
return
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment