Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(git-host): disallow URI-encoded slash (%2F) in path #44

Closed
wants to merge 1 commit into from
Closed

fix(git-host): disallow URI-encoded slash (%2F) in path #44

wants to merge 1 commit into from

Conversation

ybiquitous
Copy link
Contributor

Hi,

This PR fixes the part using encodeURIComponent in GitHost.prototype._fill method.

For example, when foo/bar (including /) is passed as a path option, this prevents / from being converted to %2F (URI encoding).

Note: This PR is produced by npm/cli#163 (comment)

@ybiquitous
Copy link
Contributor Author

The Travis build failure will be fixed via #45.

@isaacs isaacs closed this in 3776fa5 Aug 4, 2019
isaacs added a commit that referenced this pull request Aug 4, 2019
@isaacs
fix: Allow slashes in gitlab project section
bbcf7b2 
Technically these are called groups and subgroups in GitLab parlance,
but effectively, it means that a GitLab project url can have a path with
unlimited portions, like company/property/team/component.git.

This allows passing in unlimited path portions in the full url, and
avoids encoding the `project` section akin to how `path` is treated as
of 3776fa5 #44

Fix #46
Fix #43
@ybiquitous ybiquitous deleted the fix-encoded-slash-in-path branch August 4, 2019 23:58
isaacs added a commit to npm/cli that referenced this pull request Aug 5, 2019
@isaacs
[email protected]
4050b91 
FEATURES

* [bbcf7b2](npm/hosted-git-info@bbcf7b2)
  [#46](npm/hosted-git-info#46)
  [#43](npm/hosted-git-info#43)
  [#47](npm/hosted-git-info#47)
  [#44](npm/hosted-git-info#44) Add support for
  GitLab groups and subgroups ([@mterrel](https://github.com/mterrel),
  [@isaacs](https://github.com/isaacs),
  [@ybiquitous](https://github.com/ybiquitous))

BUGFIXES

* ([3b1d629](npm/hosted-git-info@3b1d629))
  [#48](npm/hosted-git-info#48) fix http protocol
  using sshurl by default ([@fengmk2](https://github.com/fengmk2))
* [5d4a8d7](npm/hosted-git-info@5d4a8d7) ignore
  noCommittish on tarball url generation
  ([@isaacs](https://github.com/isaacs))
* [1692435](npm/hosted-git-info@1692435) use gist
  tarball url that works for anonymous gists
  ([@isaacs](https://github.com/isaacs))
* [d5cf830](npm/hosted-git-info@d5cf830)
* Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs))
* [e518222](npm/hosted-git-info@e518222)
  Use LRU cache to prevent unbounded memory consumption
  ([@iarna](https://github.com/iarna))
@isaacs isaacs mentioned this pull request Aug 5, 2019
Merged
isaacs added a commit to npm/node that referenced this pull request Aug 6, 2019
@isaacs
deps: update npm to 6.10.3
8e7f26a 
BUGFIXES

* [`27cccfbda`](npm/cli@27cccfb)
  [nodejs#223](npm/cli#223) vulns → vulnerabilities in
  npm audit output ([@sapegin](https://github.com/sapegin))
* [`d5e865eb7`](npm/cli@d5e865e)
  [nodejs#222](npm/cli#222)
  [nodejs#226](npm/cli#226) install, doctor: don't crash
  if registry unset ([@dmitrydvorkin](https://github.com/dmitrydvorkin),
  [@isaacs](https://github.com/isaacs))
* [`5b3890226`](npm/cli@5b38902)
  [nodejs#227](npm/cli#227)
  [npm.community#9167](https://npm.community/t/npm-err-cb-never-called-permission-denied/9167/5)
  Handle unhandledRejections, tell user what to do when encountering an
  `EACCES` error in the cache.  ([@isaacs](https://github.com/isaacs))

DEPENDENCIES

* [`77516df6e`](npm/cli@77516df)
  `[email protected]` ([@isaacs](https://github.com/isaacs))
* [`ceb993590`](npm/cli@ceb9935)
  `[email protected]` ([@isaacs](https://github.com/isaacs))
* [`4050b9189`](npm/cli@4050b91)
  `[email protected]`
    * [nodejs#46](npm/hosted-git-info#46)
      [nodejs#43](npm/hosted-git-info#43)
      [nodejs#47](npm/hosted-git-info#47)
      [nodejs#44](npm/hosted-git-info#44) Add support for
      GitLab subgroups ([@mterrel](https://github.com/mterrel),
      [@isaacs](https://github.com/isaacs),
      [@ybiquitous](https://github.com/ybiquitous))
    * [`3b1d629`](npm/hosted-git-info@3b1d629)
      [nodejs#48](npm/hosted-git-info#48) fix http
      protocol using sshurl by default
      ([@fengmk2](https://github.com/fengmk2))
    * [`5d4a8d7`](npm/hosted-git-info@5d4a8d7)
      ignore noCommittish on tarball url generation
      ([@isaacs](https://github.com/isaacs))
    * [`1692435`](npm/hosted-git-info@1692435)
      use gist tarball url that works for anonymous gists
      ([@isaacs](https://github.com/isaacs))
    * [`d5cf830`](npm/hosted-git-info@d5cf830)
      Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs))
    * [`e518222`](npm/hosted-git-info@e518222)
      Use LRU cache to prevent unbounded memory consumption
      ([@iarna](https://github.com/iarna))
@isaacs isaacs mentioned this pull request Aug 6, 2019
Closed
@snyk-bot snyk-bot mentioned this pull request Aug 16, 2019
Merged
Trott pushed a commit to nodejs/node that referenced this pull request Aug 20, 2019
@isaacs @Trott
deps: update npm to 6.10.3
f769034 
BUGFIXES

* [`27cccfbda`](npm/cli@27cccfb)
  [#223](npm/cli#223) vulns → vulnerabilities in
  npm audit output ([@sapegin](https://github.com/sapegin))
* [`d5e865eb7`](npm/cli@d5e865e)
  [#222](npm/cli#222)
  [#226](npm/cli#226) install, doctor: don't crash
  if registry unset ([@dmitrydvorkin](https://github.com/dmitrydvorkin),
  [@isaacs](https://github.com/isaacs))
* [`5b3890226`](npm/cli@5b38902)
  [#227](npm/cli#227)
  [npm.community#9167](https://npm.community/t/npm-err-cb-never-called-permission-denied/9167/5)
  Handle unhandledRejections, tell user what to do when encountering an
  `EACCES` error in the cache.  ([@isaacs](https://github.com/isaacs))

DEPENDENCIES

* [`77516df6e`](npm/cli@77516df)
  `[email protected]` ([@isaacs](https://github.com/isaacs))
* [`ceb993590`](npm/cli@ceb9935)
  `[email protected]` ([@isaacs](https://github.com/isaacs))
* [`4050b9189`](npm/cli@4050b91)
  `[email protected]`
    * [#46](npm/hosted-git-info#46)
      [#43](npm/hosted-git-info#43)
      [#47](npm/hosted-git-info#47)
      [#44](npm/hosted-git-info#44) Add support for
      GitLab subgroups ([@mterrel](https://github.com/mterrel),
      [@isaacs](https://github.com/isaacs),
      [@ybiquitous](https://github.com/ybiquitous))
    * [`3b1d629`](npm/hosted-git-info@3b1d629)
      [#48](npm/hosted-git-info#48) fix http
      protocol using sshurl by default
      ([@fengmk2](https://github.com/fengmk2))
    * [`5d4a8d7`](npm/hosted-git-info@5d4a8d7)
      ignore noCommittish on tarball url generation
      ([@isaacs](https://github.com/isaacs))
    * [`1692435`](npm/hosted-git-info@1692435)
      use gist tarball url that works for anonymous gists
      ([@isaacs](https://github.com/isaacs))
    * [`d5cf830`](npm/hosted-git-info@d5cf830)
      Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs))
    * [`e518222`](npm/hosted-git-info@e518222)
      Use LRU cache to prevent unbounded memory consumption
      ([@iarna](https://github.com/iarna))

PR-URL: #29023
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
This was referenced Aug 30, 2019
Closed
Open
Open
Merged
BridgeAR pushed a commit to nodejs/node that referenced this pull request Sep 3, 2019
@isaacs @BridgeAR
deps: update npm to 6.10.3
219c195 
BUGFIXES

* [`27cccfbda`](npm/cli@27cccfb)
  [#223](npm/cli#223) vulns → vulnerabilities in
  npm audit output ([@sapegin](https://github.com/sapegin))
* [`d5e865eb7`](npm/cli@d5e865e)
  [#222](npm/cli#222)
  [#226](npm/cli#226) install, doctor: don't crash
  if registry unset ([@dmitrydvorkin](https://github.com/dmitrydvorkin),
  [@isaacs](https://github.com/isaacs))
* [`5b3890226`](npm/cli@5b38902)
  [#227](npm/cli#227)
  [npm.community#9167](https://npm.community/t/npm-err-cb-never-called-permission-denied/9167/5)
  Handle unhandledRejections, tell user what to do when encountering an
  `EACCES` error in the cache.  ([@isaacs](https://github.com/isaacs))

DEPENDENCIES

* [`77516df6e`](npm/cli@77516df)
  `[email protected]` ([@isaacs](https://github.com/isaacs))
* [`ceb993590`](npm/cli@ceb9935)
  `[email protected]` ([@isaacs](https://github.com/isaacs))
* [`4050b9189`](npm/cli@4050b91)
  `[email protected]`
    * [#46](npm/hosted-git-info#46)
      [#43](npm/hosted-git-info#43)
      [#47](npm/hosted-git-info#47)
      [#44](npm/hosted-git-info#44) Add support for
      GitLab subgroups ([@mterrel](https://github.com/mterrel),
      [@isaacs](https://github.com/isaacs),
      [@ybiquitous](https://github.com/ybiquitous))
    * [`3b1d629`](npm/hosted-git-info@3b1d629)
      [#48](npm/hosted-git-info#48) fix http
      protocol using sshurl by default
      ([@fengmk2](https://github.com/fengmk2))
    * [`5d4a8d7`](npm/hosted-git-info@5d4a8d7)
      ignore noCommittish on tarball url generation
      ([@isaacs](https://github.com/isaacs))
    * [`1692435`](npm/hosted-git-info@1692435)
      use gist tarball url that works for anonymous gists
      ([@isaacs](https://github.com/isaacs))
    * [`d5cf830`](npm/hosted-git-info@d5cf830)
      Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs))
    * [`e518222`](npm/hosted-git-info@e518222)
      Use LRU cache to prevent unbounded memory consumption
      ([@iarna](https://github.com/iarna))

PR-URL: #29023
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
@snyk-bot snyk-bot mentioned this pull request Sep 19, 2019
Open
@snyk-bot snyk-bot mentioned this pull request Oct 1, 2019
Open
BethGriggs pushed a commit to nodejs/node that referenced this pull request Oct 19, 2019
@isaacs @BethGriggs
deps: update npm to 6.10.3
55cd01c 
BUGFIXES

* [`27cccfbda`](npm/cli@27cccfb)
  [#223](npm/cli#223) vulns → vulnerabilities in
  npm audit output ([@sapegin](https://github.com/sapegin))
* [`d5e865eb7`](npm/cli@d5e865e)
  [#222](npm/cli#222)
  [#226](npm/cli#226) install, doctor: don't crash
  if registry unset ([@dmitrydvorkin](https://github.com/dmitrydvorkin),
  [@isaacs](https://github.com/isaacs))
* [`5b3890226`](npm/cli@5b38902)
  [#227](npm/cli#227)
  [npm.community#9167](https://npm.community/t/npm-err-cb-never-called-permission-denied/9167/5)
  Handle unhandledRejections, tell user what to do when encountering an
  `EACCES` error in the cache.  ([@isaacs](https://github.com/isaacs))

DEPENDENCIES

* [`77516df6e`](npm/cli@77516df)
  `[email protected]` ([@isaacs](https://github.com/isaacs))
* [`ceb993590`](npm/cli@ceb9935)
  `[email protected]` ([@isaacs](https://github.com/isaacs))
* [`4050b9189`](npm/cli@4050b91)
  `[email protected]`
    * [#46](npm/hosted-git-info#46)
      [#43](npm/hosted-git-info#43)
      [#47](npm/hosted-git-info#47)
      [#44](npm/hosted-git-info#44) Add support for
      GitLab subgroups ([@mterrel](https://github.com/mterrel),
      [@isaacs](https://github.com/isaacs),
      [@ybiquitous](https://github.com/ybiquitous))
    * [`3b1d629`](npm/hosted-git-info@3b1d629)
      [#48](npm/hosted-git-info#48) fix http
      protocol using sshurl by default
      ([@fengmk2](https://github.com/fengmk2))
    * [`5d4a8d7`](npm/hosted-git-info@5d4a8d7)
      ignore noCommittish on tarball url generation
      ([@isaacs](https://github.com/isaacs))
    * [`1692435`](npm/hosted-git-info@1692435)
      use gist tarball url that works for anonymous gists
      ([@isaacs](https://github.com/isaacs))
    * [`d5cf830`](npm/hosted-git-info@d5cf830)
      Do not allow invalid gist urls ([@isaacs](https://github.com/isaacs))
    * [`e518222`](npm/hosted-git-info@e518222)
      Use LRU cache to prevent unbounded memory consumption
      ([@iarna](https://github.com/iarna))

PR-URL: #29023
Reviewed-By: Jiawen Geng <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
This was referenced Oct 26, 2019
Open
Open
This was referenced Nov 5, 2019
Open
Open
@snyk-bot snyk-bot mentioned this pull request Nov 14, 2019
Open
This was referenced Nov 25, 2019
Open
Open
@snyk-bot snyk-bot mentioned this pull request Dec 5, 2019
Open
@JACKEYBANKZ JACKEYBANKZ mentioned this pull request Oct 24, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ybiquitous