From 3a77465e4ed252f5d92da12321613328b30b941c Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Thu, 16 Dec 2021 23:03:20 +0000
Subject: [PATCH] Prevent double decoding of % in url params  (#17997) (#18001)

---
 .../4c/61dd0a799e0830e77edfe6c74f7c349bc8e62a | Bin 0 -> 40 bytes
 .../50/4d9fe743979d4e9785a25a363c7007293f0838 | Bin 0 -> 40 bytes
 .../59/e2c41e8f5140bb0182acebec17c8ad9831cc62 | Bin 0 -> 847 bytes
 .../64/89894ad11093fdc49c0ed857d80682344a7264 | Bin 0 -> 39 bytes
 .../84/7c6d93c6860dd377651245711b7fbcd34a18d4 | Bin 0 -> 41 bytes
 .../9b/9cc8f558d1c4f815592496fa24308ba2a9c824 | Bin 0 -> 47 bytes
 .../a4/f1bb3f2f8c6a0e840e935812ef4903ce515dad | Bin 0 -> 394 bytes
 .../c7/85b65bf16928b58567cb23669125c0ccd25a4f | Bin 0 -> 44 bytes
 .../e9/63733b8a355cf860c465b4af7b236a6ef08783 | Bin 0 -> 47 bytes
 .../utf8.git/refs/heads/Plus+Is+Not+Space     |   2 +-
 integrations/nonascii_branches_test.go        |  46 ++++++++++++++++--
 modules/context/context.go                    |   4 ++
 modules/context/repo.go                       |   2 +-
 13 files changed, 47 insertions(+), 7 deletions(-)
 create mode 100644 integrations/gitea-repositories-meta/user2/utf8.git/objects/4c/61dd0a799e0830e77edfe6c74f7c349bc8e62a
 create mode 100644 integrations/gitea-repositories-meta/user2/utf8.git/objects/50/4d9fe743979d4e9785a25a363c7007293f0838
 create mode 100644 integrations/gitea-repositories-meta/user2/utf8.git/objects/59/e2c41e8f5140bb0182acebec17c8ad9831cc62
 create mode 100644 integrations/gitea-repositories-meta/user2/utf8.git/objects/64/89894ad11093fdc49c0ed857d80682344a7264
 create mode 100644 integrations/gitea-repositories-meta/user2/utf8.git/objects/84/7c6d93c6860dd377651245711b7fbcd34a18d4
 create mode 100644 integrations/gitea-repositories-meta/user2/utf8.git/objects/9b/9cc8f558d1c4f815592496fa24308ba2a9c824
 create mode 100644 integrations/gitea-repositories-meta/user2/utf8.git/objects/a4/f1bb3f2f8c6a0e840e935812ef4903ce515dad
 create mode 100644 integrations/gitea-repositories-meta/user2/utf8.git/objects/c7/85b65bf16928b58567cb23669125c0ccd25a4f
 create mode 100644 integrations/gitea-repositories-meta/user2/utf8.git/objects/e9/63733b8a355cf860c465b4af7b236a6ef08783

diff --git a/integrations/gitea-repositories-meta/user2/utf8.git/objects/4c/61dd0a799e0830e77edfe6c74f7c349bc8e62a b/integrations/gitea-repositories-meta/user2/utf8.git/objects/4c/61dd0a799e0830e77edfe6c74f7c349bc8e62a
new file mode 100644
index 0000000000000000000000000000000000000000..17b3104773bbfb8ccdb5084cd6dda8a5ec794098
GIT binary patch
literal 40
xcmb<m^geacKghr+QRCbR{j;8dCr;}JdU%CyIIrWk#sBmf&!<cb>&m$%0RUr;5sm-=

literal 0
HcmV?d00001

diff --git a/integrations/gitea-repositories-meta/user2/utf8.git/objects/50/4d9fe743979d4e9785a25a363c7007293f0838 b/integrations/gitea-repositories-meta/user2/utf8.git/objects/50/4d9fe743979d4e9785a25a363c7007293f0838
new file mode 100644
index 0000000000000000000000000000000000000000..25794ae805e8a5405454ae83c9d854eabaf63f82
GIT binary patch
literal 40
wcmb<m^geacKghr+k>lhEoiLBnXFNksc<6)~1Zn7b`1t8Qd&I=Btb+4C072*vod5s;

literal 0
HcmV?d00001

diff --git a/integrations/gitea-repositories-meta/user2/utf8.git/objects/59/e2c41e8f5140bb0182acebec17c8ad9831cc62 b/integrations/gitea-repositories-meta/user2/utf8.git/objects/59/e2c41e8f5140bb0182acebec17c8ad9831cc62
new file mode 100644
index 0000000000000000000000000000000000000000..736a24227c153003864cb1b41e751db5af19f495
GIT binary patch
literal 847
zcmb<m%$<Dl++q)bmgi@JugLmtp5^*V&UE$JBp$Y$H_?G2zrQiF-S)pfPwwp6$CEBi
zKNX@irLk?@YOw<sgnnN)O5{<PZ=8ARX^x&E<E4m4nL5SRor#6#PMfrU=)0L}pzLPx
zu#Qn?iiDMSvEo$L8O|CDWA#o1c(L}(;8|wbq@?bl$tdq_>GQzwaVP8j`swq3aPHoC
z^!|klf0-p3C$qXeNR^xL#r;ToU0(DDmMM0#Kd>!2-&7}A^+DE;Tl=5OhWLbEYmc9n
zU)H^G#%iWNf7gd3=T{!M|65_pw|PQG(;u6wGcc|?P_?>iQC91unNt%lY(BFo`BPAV
z_>76hKkxPJvt638ggf}<Hz(guU125%|IcBV?-#2r^76}6Et!|W+l1H8O|{LwZGG3n
z+H?J-9{$584r!F~$8V~i(0^v4<_V^?J4+9<RH&ZOu=Wi}XFqd7Y;&=Vx<&V!<c(*p
zuQ~qM>D4-od$X6Vk@emz7ov5Z|K^n$-OFE>dN*|RZg1W{S=75R{Kj_4Qd6_fKg+`Z
z_O?ys=by4iIrQq(L+9MY|7Xje=y0!jwkTRK{u|2+zuv;yxu#v8a<%sPJ&*K|`F=+J
zf{a{befPqYUeP@)ow_YP7g)HtMORenoD7`2EJI#CXVS~uSATZsZB>sco!T?^<YXm3
zfBvI$&YqlhcI8v=-1*a;h4daKubFhFEq+V(!j~rn9DEi$N<Hbi<?oq?*3a(T*j;q7
zvTE0sW2I|XpUvBK`Gdf`QlY!2lRAWM6#rxWl=-#v1P{{=H}yO@&drQJwaeb;pT3e4
zAGhY;IVIz$q;qc7w=0%B4p<a)gtfNolPKSvA8DU9O9>}<A3pTq&$*N8v%If=(%$d#
zjrZ;?iMcuVs{L;6cFVatr@8NX*o#+ng*N3M#4OS)7yfQzaGSj1=w8$7*Ui*fO-+-N
zy|bf(&(8ThO?Yo}<3v+`uGhBL^+ofo8c(H`KmYsFeCm2_rY9Tj@ob*pr#`zz^|+_j
z?nMvX-i1EBw&eZ_anol{=H1+8ZM<*lwY$ZSPwciR`Ws}p=#d9QS1JFMaGN8KjJG7^
z%&ifMj;))!(#XV5p!14isJUfG<-W^qTVMA6WM{0qab>FVztcSrU)Fo^EKHGn(Z<QV
SCrtOmYO(W2^q01VT>t>=v#Klr

literal 0
HcmV?d00001

diff --git a/integrations/gitea-repositories-meta/user2/utf8.git/objects/64/89894ad11093fdc49c0ed857d80682344a7264 b/integrations/gitea-repositories-meta/user2/utf8.git/objects/64/89894ad11093fdc49c0ed857d80682344a7264
new file mode 100644
index 0000000000000000000000000000000000000000..87e198aa9ca2e9f95e3fa41a231e50e697b131af
GIT binary patch
literal 39
vcmb<m^geacKghr+jpO_YpK}2Lp&mM3p&I_79zOnO&TM}Eh>2lZ0;dW9HS!N?

literal 0
HcmV?d00001

diff --git a/integrations/gitea-repositories-meta/user2/utf8.git/objects/84/7c6d93c6860dd377651245711b7fbcd34a18d4 b/integrations/gitea-repositories-meta/user2/utf8.git/objects/84/7c6d93c6860dd377651245711b7fbcd34a18d4
new file mode 100644
index 0000000000000000000000000000000000000000..ffea321c19db661925c77ef5367155c13ba0b308
GIT binary patch
literal 41
xcmb<m^geacKghr+Js>QM<KzjQFa{-O=GLYwi=JHBBc!M2%p9u6uz{H~5&%M74t@Xt

literal 0
HcmV?d00001

diff --git a/integrations/gitea-repositories-meta/user2/utf8.git/objects/9b/9cc8f558d1c4f815592496fa24308ba2a9c824 b/integrations/gitea-repositories-meta/user2/utf8.git/objects/9b/9cc8f558d1c4f815592496fa24308ba2a9c824
new file mode 100644
index 0000000000000000000000000000000000000000..8f033d5ae708445b39bf625905de1560bc416469
GIT binary patch
literal 47
zcmb<m^geacKghr=jpO7AoiK()hc2C&6w-RcruE9EGcv7vj@-E-(z@l$oDe+*=|bKO
E01{6YbpQYW

literal 0
HcmV?d00001

diff --git a/integrations/gitea-repositories-meta/user2/utf8.git/objects/a4/f1bb3f2f8c6a0e840e935812ef4903ce515dad b/integrations/gitea-repositories-meta/user2/utf8.git/objects/a4/f1bb3f2f8c6a0e840e935812ef4903ce515dad
new file mode 100644
index 0000000000000000000000000000000000000000..9655a74c8321a8c3d9cf08111c6f1b320bf641ba
GIT binary patch
literal 394
zcmb<m)YkO!4K*+{Of)btFfcX@3<xzfGBrAT*5|y&$<z9pCp_2a_@6zQ=<)K+mt7hL
zKi^NZtT8{7zrl27h3L`)B@#2GcBhIlhpLNBTP8L=<=Jz_vj%0!6*FUU?xsq8R(|O5
zYTDPUry?umZ_Q4ua<F<M{5fcf@MWXoAjuk`_eG)S9vf7|mH)q4_+M)BP4#)1j#H(i
zR=j$;%wWrvCw_L<j#clp2|ckjU{~GwRQ*ov08z(veR})WDY%9mw~%2Kd6eGq`^Rb7
z`g@x_y}tZYT(M|E&zYp$39+l(*d#lTa<v_0?L4`X=XmsX*ZMP8Zrqwx7iF2d=vAZf
z^hJLROJ_KJk<e@~6*Xr0ajyQIP3^k-U#__ZrkSz6ne|OZEFjjwJ~Mq<2D7fV_nDJE
zj61b*F3p>N-+!N#Zt2>io<4C~ckHdZCBEX7b2qQ=)sQn^ytKR|(#~6cG=21FqWq$X
zT9@lqN|fkFRXVY*dUI$Jx3u1yJsYG`Ziz4Z|B~IT`(#AfoquW<ryu{V`6pkKq4ww+
FM*!lPy)OU&

literal 0
HcmV?d00001

diff --git a/integrations/gitea-repositories-meta/user2/utf8.git/objects/c7/85b65bf16928b58567cb23669125c0ccd25a4f b/integrations/gitea-repositories-meta/user2/utf8.git/objects/c7/85b65bf16928b58567cb23669125c0ccd25a4f
new file mode 100644
index 0000000000000000000000000000000000000000..2cc606b7f2630a7bfe9e14c3a2eb3df81e880e31
GIT binary patch
literal 44
zcmb<m^geacKghr=f#c)}oiLBnXFNksoIkxX<b;O~n^BNx7q`&l;GH`dJ{{$W1^}ib
B60HCL

literal 0
HcmV?d00001

diff --git a/integrations/gitea-repositories-meta/user2/utf8.git/objects/e9/63733b8a355cf860c465b4af7b236a6ef08783 b/integrations/gitea-repositories-meta/user2/utf8.git/objects/e9/63733b8a355cf860c465b4af7b236a6ef08783
new file mode 100644
index 0000000000000000000000000000000000000000..8d16f34e5955b9a93bf1cdb71920d694fbd2c781
GIT binary patch
literal 47
zcmb<m^geacKghr=<%3S(2`yc{z!N&>g7pJELNs)Ib@fi3IUjt&SLf8TM@$TVJ9v%&
E0Kn@L+yDRo

literal 0
HcmV?d00001

diff --git a/integrations/gitea-repositories-meta/user2/utf8.git/refs/heads/Plus+Is+Not+Space b/integrations/gitea-repositories-meta/user2/utf8.git/refs/heads/Plus+Is+Not+Space
index 00dd05db8c..c2850d4c4d 100644
--- a/integrations/gitea-repositories-meta/user2/utf8.git/refs/heads/Plus+Is+Not+Space
+++ b/integrations/gitea-repositories-meta/user2/utf8.git/refs/heads/Plus+Is+Not+Space
@@ -1 +1 @@
-3a810dbf6b96afaa8c5f69a8b6ec1dabfca7368b
+59e2c41e8f5140bb0182acebec17c8ad9831cc62
diff --git a/integrations/nonascii_branches_test.go b/integrations/nonascii_branches_test.go
index 22d71e6ee2..1aab16fa3e 100644
--- a/integrations/nonascii_branches_test.go
+++ b/integrations/nonascii_branches_test.go
@@ -6,6 +6,7 @@ package integrations
 
 import (
 	"net/http"
+	"net/url"
 	"path"
 	"testing"
 
@@ -83,7 +84,7 @@ func TestNonasciiBranches(t *testing.T) {
 		},
 		{
 			from:   "Plus+Is+Not+Space/Файл.md",
-			to:     "branch/Plus+Is+Not+Space/%d0%a4%d0%b0%d0%b9%d0%bb.md",
+			to:     "branch/Plus+Is+Not+Space/%D0%A4%D0%B0%D0%B9%D0%BB.md",
 			status: http.StatusOK,
 		},
 		{
@@ -114,7 +115,7 @@ func TestNonasciiBranches(t *testing.T) {
 		},
 		{
 			from:   "タグ/ファイル.md",
-			to:     "tag/%e3%82%bf%e3%82%b0/%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab.md",
+			to:     "tag/%e3%82%bf%e3%82%b0/%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB.md",
 			status: http.StatusOK,
 		},
 		// Files
@@ -125,12 +126,12 @@ func TestNonasciiBranches(t *testing.T) {
 		},
 		{
 			from:   "Файл.md",
-			to:     "branch/Plus+Is+Not+Space/%d0%a4%d0%b0%d0%b9%d0%bb.md",
+			to:     "branch/Plus+Is+Not+Space/%D0%A4%D0%B0%D0%B9%D0%BB.md",
 			status: http.StatusOK,
 		},
 		{
 			from:   "ファイル.md",
-			to:     "branch/Plus+Is+Not+Space/%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab.md",
+			to:     "branch/Plus+Is+Not+Space/%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB.md",
 			status: http.StatusNotFound, // it's not on default branch
 		},
 		// Same but url-encoded (few tests)
@@ -146,7 +147,7 @@ func TestNonasciiBranches(t *testing.T) {
 		},
 		{
 			from:   "%D0%A4%D0%B0%D0%B9%D0%BB.md",
-			to:     "branch/Plus+Is+Not+Space/%d0%a4%d0%b0%d0%b9%d0%bb.md",
+			to:     "branch/Plus+Is+Not+Space/%D0%A4%D0%B0%D0%B9%D0%BB.md",
 			status: http.StatusOK,
 		},
 		{
@@ -159,6 +160,41 @@ func TestNonasciiBranches(t *testing.T) {
 			to:     "tag/%d0%81/%e4%ba%ba",
 			status: http.StatusOK,
 		},
+		{
+			from:   "Plus+Is+Not+Space/%25%252525mightnotplaywell",
+			to:     "branch/Plus+Is+Not+Space/%25%252525mightnotplaywell",
+			status: http.StatusOK,
+		},
+		{
+			from:   "Plus+Is+Not+Space/%25253Fisnotaquestion%25253F",
+			to:     "branch/Plus+Is+Not+Space/%25253Fisnotaquestion%25253F",
+			status: http.StatusOK,
+		},
+		{
+			from:   "Plus+Is+Not+Space/" + url.PathEscape("%3Fis?and#afile"),
+			to:     "branch/Plus+Is+Not+Space/" + url.PathEscape("%3Fis?and#afile"),
+			status: http.StatusOK,
+		},
+		{
+			from:   "Plus+Is+Not+Space/10%25.md",
+			to:     "branch/Plus+Is+Not+Space/10%25.md",
+			status: http.StatusOK,
+		},
+		{
+			from:   "Plus+Is+Not+Space/" + url.PathEscape("This+file%20has 1space"),
+			to:     "branch/Plus+Is+Not+Space/" + url.PathEscape("This+file%20has 1space"),
+			status: http.StatusOK,
+		},
+		{
+			from:   "Plus+Is+Not+Space/" + url.PathEscape("This+file%2520has 2 spaces"),
+			to:     "branch/Plus+Is+Not+Space/" + url.PathEscape("This+file%2520has 2 spaces"),
+			status: http.StatusOK,
+		},
+		{
+			from:   "Plus+Is+Not+Space/" + url.PathEscape("£15&$6.txt"),
+			to:     "branch/Plus+Is+Not+Space/" + url.PathEscape("£15&$6.txt"),
+			status: http.StatusOK,
+		},
 	}
 
 	defer prepareTestEnv(t)()
diff --git a/modules/context/context.go b/modules/context/context.go
index 568865d90e..82771b0c24 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -669,6 +669,10 @@ func Contexter() func(next http.Handler) http.Handler {
 			var locale = middleware.Locale(resp, req)
 			var startTime = time.Now()
 			var link = setting.AppSubURL + strings.TrimSuffix(req.URL.EscapedPath(), "/")
+
+			chiCtx := chi.RouteContext(req.Context())
+			chiCtx.RoutePath = req.URL.EscapedPath()
+
 			var ctx = Context{
 				Resp:    NewResponse(resp),
 				Cache:   mc.GetCache(),
diff --git a/modules/context/repo.go b/modules/context/repo.go
index 12943ae37f..0f78ff429b 100644
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -833,7 +833,7 @@ func RepoRefByType(refType RepoRefType, ignoreNotExistErr ...bool) func(*Context
 					setting.AppSubURL,
 					strings.TrimSuffix(ctx.Req.URL.Path, ctx.Params("*")),
 					ctx.Repo.BranchNameSubURL(),
-					ctx.Repo.TreePath))
+					util.PathEscapeSegments(ctx.Repo.TreePath)))
 				return
 			}
 		}