Fix some issues with special chars in branch names

modules/context/repo.go

@@ -8,6 +8,7 @@ package context
 import (
 "fmt"
 "io/ioutil"
+"net/url"
 "path"
 "strings"
 
@@ -618,10 +619,11 @@ func RepoRefByType(refType RepoRefType) macaron.Handler {
 
 if refType == RepoRefLegacy {
 // redirect from old URL scheme to new URL scheme
+unescaped, _ := url.PathUnescape(ctx.Req.URL.String())
 ctx.Redirect(path.Join(
 setting.AppSubURL,
-strings.TrimSuffix(ctx.Req.URL.String(), ctx.Params("*")),
-ctx.Repo.BranchNameSubURL(),
+strings.TrimSuffix(unescaped, ctx.Params("*")),
+(&url.URL{Path: ctx.Repo.BranchNameSubURL()}).String(),
 ctx.Repo.TreePath))
 return
 }

templates/repo/activity.tmpl

@@ -92,7 +92,7 @@
 <div class="ui green label">{{$.i18n.Tr "repo.activity.published_release_label"}}</div>
 {{.TagName}}
 {{if not .IsTag}}
-<a class="title has-emoji" href="{{$.Repository.HTMLURL}}/src/{{.TagName}}">{{.Title}}</a>
+<a class="title has-emoji" href="{{$.Repository.HTMLURL}}/src/{{.TagName | EscapePound}}">{{.Title}}</a>
 {{end}}
 {{TimeSinceUnix .CreatedUnix $.Lang}}
 </p>

templates/repo/branch/list.tmpl

@@ -38,10 +38,10 @@
 <tr>
 <td>
 {{if .IsDeleted}}
-<s><a href="{{$.RepoLink}}/src/branch/{{.Name}}">{{.Name}}</a></s>
+<s><a href="{{$.RepoLink}}/src/branch/{{.Name | EscapePound}}">{{.Name}}</a></s>
 <p class="time">{{$.i18n.Tr "repo.branch.deleted_by" .DeletedBranch.DeletedBy.Name}} {{TimeSinceUnix .DeletedBranch.DeletedUnix $.i18n.Lang}}</p>
 {{else}}
-<a href="{{$.RepoLink}}/src/branch/{{.Name}}">{{.Name}}</a>
+<a href="{{$.RepoLink}}/src/branch/{{.Name | EscapePound}}">{{.Name}}</a>
 <p class="time">{{$.i18n.Tr "org.repo_updated"}} {{TimeSince .Commit.Committer.When $.i18n.Lang}}</p>
 </td>
 {{end}}

templates/repo/commits_table.tmpl

@@ -5,7 +5,7 @@
 </div>
 <div class="ten wide right aligned column">
 {{if .PageIsCommits}}
-<form class="ignore-dirty" action="{{.RepoLink}}/commits/{{.BranchNameSubURL}}/search">
+<form class="ignore-dirty" action="{{.RepoLink}}/commits/{{.BranchNameSubURL | EscapePound}}/search">
 <div class="ui tiny search input">
 <input name="q" placeholder="{{.i18n.Tr "repo.commits.search"}}" value="{{.Keyword}}" autofocus>
 </div>
@@ -79,4 +79,4 @@
 </div>
 {{end}}
 
-{{template "base/paginate" .}}
+{{template "base/paginate" .}}

templates/repo/editor/edit.tmpl

@@ -30,8 +30,8 @@
 <div class="ui top attached tabular menu" data-write="write" data-preview="preview" data-diff="diff">
 <a class="active item" data-tab="write"><i class="octicon octicon-code"></i> {{if .IsNewFile}}{{.i18n.Tr "repo.editor.new_file"}}{{else}}{{.i18n.Tr "repo.editor.edit_file"}}{{end}}</a>
 {{if not .IsNewFile}}
-<a class="item" data-tab="preview" data-url="{{AppSubUrl}}/api/v1/markdown" data-context="{{.RepoLink}}/src/{{.BranchNameSubURL}}" data-preview-file-modes="{{.PreviewableFileModes}}"><i class="octicon octicon-eye"></i> {{.i18n.Tr "repo.release.preview"}}</a>
-<a class="item" data-tab="diff" data-url="{{.RepoLink}}/_preview/{{.BranchName}}/{{.TreePath}}" data-context="{{.BranchLink}}"><i class="octicon octicon-diff"></i> {{.i18n.Tr "repo.editor.preview_changes"}}</a>
+<a class="item" data-tab="preview" data-url="{{AppSubUrl}}/api/v1/markdown" data-context="{{.RepoLink}}/src/{{.BranchNameSubURL | EscapePound}}" data-preview-file-modes="{{.PreviewableFileModes}}"><i class="octicon octicon-eye"></i> {{.i18n.Tr "repo.release.preview"}}</a>
+<a class="item" data-tab="diff" data-url="{{.RepoLink}}/_preview/{{.BranchName | EscapePound}}/{{.TreePath | EscapePound}}" data-context="{{.BranchLink}}"><i class="octicon octicon-diff"></i> {{.i18n.Tr "repo.editor.preview_changes"}}</a>
 {{end}}
 </div>
 <div class="ui bottom attached active tab segment" data-tab="write">

templates/repo/header.tmpl

@@ -48,7 +48,7 @@
 <div class="ui tabs container">
 <div class="ui tabular stackable menu navbar">
 {{if .Repository.UnitEnabled $.UnitTypeCode}}
-<a class="{{if .PageIsViewCode}}active{{end}} item" href="{{.RepoLink}}{{if (ne .BranchName .Repository.DefaultBranch)}}/src/{{.BranchNameSubURL}}{{end}}">
+<a class="{{if .PageIsViewCode}}active{{end}} item" href="{{.RepoLink}}{{if (ne .BranchName .Repository.DefaultBranch)}}/src/{{.BranchNameSubURL | EscapePound}}{{end}}">
 <i class="octicon octicon-code"></i> {{.i18n.Tr "repo.code"}}
 </a>
 {{end}}

templates/repo/home.tmpl

@@ -48,7 +48,7 @@
 <div class="ui stackable secondary menu mobile--margin-between-items mobile--no-negative-margins">
 {{if and .PullRequestCtx.Allowed .IsViewBranch}}
 <div class="fitted item">
-<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch}}...{{.Repository.Owner.Name}}:{{.BranchName}}">
+<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch | EscapePound}}...{{.Repository.Owner.Name}}:{{.BranchName | EscapePound}}">
 <button class="ui green tiny compact button"><i class="octicon octicon-git-compare"></i></button>
 </a>
 </div>

templates/repo/issue/view.tmpl

@@ -10,7 +10,7 @@
 {{if .PageIsIssueList}}
 <a class="ui green button" href="{{.RepoLink}}/issues/new">{{.i18n.Tr "repo.issues.new"}}</a>
 {{else}}
-<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName}}...{{.PullRequestCtx.HeadInfo}}">{{.i18n.Tr "repo.pulls.new"}}</a>
+<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName | EscapePound}}...{{.PullRequestCtx.HeadInfo | EscapePound}}">{{.i18n.Tr "repo.pulls.new"}}</a>
 {{end}}
 </div>
 </div>

templates/repo/pulls/commits.tmpl

@@ -5,7 +5,7 @@
 <div class="navbar">
 {{template "repo/issue/navbar" .}}
 <div class="ui right">
-<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName}}...{{.PullRequestCtx.HeadInfo}}">{{.i18n.Tr "repo.pulls.new"}}</a>
+<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName | EscapePound}}...{{.PullRequestCtx.HeadInfo | EscapePound}}">{{.i18n.Tr "repo.pulls.new"}}</a>
 </div>
 </div>
 <div class="ui divider"></div>

templates/repo/pulls/files.tmpl

@@ -5,7 +5,7 @@
 <div class="navbar">
 {{template "repo/issue/navbar" .}}
 <div class="ui right">
-<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName}}...{{.PullRequestCtx.HeadInfo}}">{{.i18n.Tr "repo.pulls.new"}}</a>
+<a class="ui green button {{if not .PullRequestCtx.Allowed}}disabled{{end}}" href="{{.RepoLink}}/compare/{{.BranchName | EscapePound}}...{{.PullRequestCtx.HeadInfo | EscapePound}}">{{.i18n.Tr "repo.pulls.new"}}</a>
 </div>
 </div>
 <div class="ui divider"></div>

templates/repo/release/list.tmpl

@@ -28,7 +28,7 @@
 <span class="ui green label">{{$.i18n.Tr "repo.release.stable"}}</span>
 {{end}}
 <span class="tag text blue">
-<a href="{{$.RepoLink}}/src/tag/{{.TagName}}" rel="nofollow"><i class="tag icon"></i> {{.TagName}}</a>
+<a href="{{$.RepoLink}}/src/tag/{{.TagName | EscapePound}}" rel="nofollow"><i class="tag icon"></i> {{.TagName}}</a>
 </span>
 <span class="commit">
 <a href="{{$.RepoLink}}/src/commit/{{.Sha1}}" rel="nofollow"><i class="code icon"></i> {{ShortSha .Sha1}}</a>
@@ -38,19 +38,19 @@
 <div class="ui twelve wide column detail">
 {{if .IsTag}}
 <h4>
-<a href="{{$.RepoLink}}/src/tag/{{.TagName}}" rel="nofollow"><i class="tag icon"></i> {{.TagName}}</a>
+<a href="{{$.RepoLink}}/src/tag/{{.TagName | EscapePound}}" rel="nofollow"><i class="tag icon"></i> {{.TagName}}</a>
 </h4>
 <div class="download">
 {{if $.Repository.UnitEnabled $.UnitTypeCode}}
 <a href="{{$.RepoLink}}/src/commit/{{.Sha1}}" rel="nofollow"><i class="code icon"></i> {{ShortSha .Sha1}}</a>
-<a href="{{$.RepoLink}}/archive/{{.TagName}}.zip" rel="nofollow"><i class="octicon octicon-file-zip"></i> ZIP</a>
-<a href="{{$.RepoLink}}/archive/{{.TagName}}.tar.gz"><i class="octicon octicon-file-zip"></i> TAR.GZ</a>
+<a href="{{$.RepoLink}}/archive/{{.TagName | EscapePound}}.zip" rel="nofollow"><i class="octicon octicon-file-zip"></i> ZIP</a>
+<a href="{{$.RepoLink}}/archive/{{.TagName | EscapePound}}.tar.gz"><i class="octicon octicon-file-zip"></i> TAR.GZ</a>
 {{end}}
 </div>
 {{else}}
 <h3>
-<a href="{{$.RepoLink}}/src/tag/{{.TagName}}">{{.Title}}</a>
-{{if $.IsRepositoryWriter}}<small>(<a href="{{$.RepoLink}}/releases/edit/{{.TagName}}" rel="nofollow">{{$.i18n.Tr "repo.release.edit"}}</a>)</small>{{end}}
+<a href="{{$.RepoLink}}/src/tag/{{.TagName | EscapePound}}">{{.Title}}</a>
+{{if $.IsRepositoryWriter}}<small>(<a href="{{$.RepoLink}}/releases/edit/{{.TagName | EscapePound}}" rel="nofollow">{{$.i18n.Tr "repo.release.edit"}}</a>)</small>{{end}}
 </h3>
 <p class="text grey">
 <span class="author">
@@ -68,10 +68,10 @@
 <ul class="list">
 {{if $.Repository.UnitEnabled $.UnitTypeCode}}
 <li>
-<a href="{{$.RepoLink}}/archive/{{.TagName}}.zip" rel="nofollow"><strong><i class="octicon octicon-file-zip"></i> {{$.i18n.Tr "repo.release.source_code"}} (ZIP)</strong></a>
+<a href="{{$.RepoLink}}/archive/{{.TagName | EscapePound}}.zip" rel="nofollow"><strong><i class="octicon octicon-file-zip"></i> {{$.i18n.Tr "repo.release.source_code"}} (ZIP)</strong></a>
 </li>
 <li>
-<a href="{{$.RepoLink}}/archive/{{.TagName}}.tar.gz"><strong><i class="octicon octicon-file-zip"></i> {{$.i18n.Tr "repo.release.source_code"}} (TAR.GZ)</strong></a>
+<a href="{{$.RepoLink}}/archive/{{.TagName | EscapePound}}.tar.gz"><strong><i class="octicon octicon-file-zip"></i> {{$.i18n.Tr "repo.release.source_code"}} (TAR.GZ)</strong></a>
 </li>
 {{end}}
 {{if .Attachments}}

templates/repo/settings/branches.tmpl

@@ -48,7 +48,7 @@
 <div class="default text">{{.i18n.Tr "repo.settings.choose_branch"}}</div>
 <div class="menu transition hidden" tabindex="-1" style="display: block !important;">
 {{range .LeftBranches}}
-<a class="item" href="{{$.Repository.Link}}/settings/branches/{{.}}">{{.}}</a>
+<a class="item" href="{{$.Repository.Link}}/settings/branches/{{. | EscapePound}}">{{.}}</a>
 {{end}}
 </div>
 </div>
@@ -62,7 +62,7 @@
 {{range .ProtectedBranches}}
 <tr>
 <td><div class="ui basic label blue">{{.BranchName}}</div></td>
-<td class="right aligned"><a class="rm ui button" href="{{$.Repository.Link}}/settings/branches/{{.BranchName}}">Edit</a></td>
+<td class="right aligned"><a class="rm ui button" href="{{$.Repository.Link}}/settings/branches/{{.BranchName | EscapePound}}">Edit</a></td>
 </tr>
 {{else}}
 <tr class="center aligned"><td>{{.i18n.Tr "repo.settings.no_protected_branch"}}</td></tr>

templates/user/dashboard/feeds.tmpl

@@ -13,8 +13,8 @@
 {{else if eq .GetOpType 2}}
 {{$.i18n.Tr "action.rename_repo" .GetContent .GetRepoLink .ShortRepoPath | Str2html}}
 {{else if eq .GetOpType 5}}
-{{ $branchLink := .GetBranch | EscapePound}}
-{{$.i18n.Tr "action.commit_repo" .GetRepoLink $branchLink .GetBranch .ShortRepoPath | Str2html}}
+{{ $branchLink := (printf "branch/%s" .GetBranch) | EscapePound | Escape}}
+{{$.i18n.Tr "action.commit_repo" .GetRepoLink $branchLink (Escape .GetBranch) .ShortRepoPath | Str2html}}
 {{else if eq .GetOpType 6}}
 {{ $index := index .GetIssueInfos 0}}
 {{$.i18n.Tr "action.create_issue" .GetRepoLink $index .ShortRepoPath | Str2html}}
@@ -24,7 +24,8 @@
 {{else if eq .GetOpType 8}}
 {{$.i18n.Tr "action.transfer_repo" .GetContent .GetRepoLink .ShortRepoPath | Str2html}}
 {{else if eq .GetOpType 9}}
-{{$.i18n.Tr "action.push_tag" .GetRepoLink .GetBranch .ShortRepoPath | Str2html}}
+{{ $branchLink := .GetBranch | EscapePound | Escape}}
+{{$.i18n.Tr "action.push_tag" .GetRepoLink $branchLink .ShortRepoPath | Str2html}}
 {{else if eq .GetOpType 10}}
 {{ $index := index .GetIssueInfos 0}}
 {{$.i18n.Tr "action.comment_issue" .GetRepoLink $index .ShortRepoPath | Str2html}}