初始提交: Gitea 项目代码

2026-05-30 22:47:36 +08:00
commit f288f76350
6116 changed files with 776822 additions and 0 deletions
@@ -0,0 +1,48 @@
+// Copyright 2026 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package common
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"strings"
+	"testing"
+
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/test"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFetchRedirectDelegate(t *testing.T) {
+	defer test.MockVariableValue(&setting.AppURL, "https://gitea/")()
+
+	cases := []struct {
+		method string
+		input  string
+		status int
+	}{
+		{method: "POST", input: "/foo?k=v", status: http.StatusSeeOther},
+		{method: "GET", input: "/foo?k=v", status: http.StatusBadRequest},
+		{method: "POST", input: `\/foo?k=v`, status: http.StatusBadRequest},
+		{method: "POST", input: `\\/foo?k=v`, status: http.StatusBadRequest},
+		{method: "POST", input: "https://gitea/xxx", status: http.StatusSeeOther},
+		{method: "POST", input: "https://other/xxx", status: http.StatusBadRequest},
+	}
+	for _, c := range cases {
+		t.Run(c.method+" "+c.input, func(t *testing.T) {
+			resp := httptest.NewRecorder()
+			req := httptest.NewRequest(c.method, "/?redirect="+url.QueryEscape(c.input), nil)
+			FetchRedirectDelegate(resp, req)
+			assert.Equal(t, c.status, resp.Code)
+			if c.status == http.StatusSeeOther {
+				assert.Equal(t, c.input, resp.Header().Get("Location"))
+			} else {
+				assert.Empty(t, resp.Header().Get("Location"))
+				assert.Equal(t, "Bad Request", strings.TrimSpace(resp.Body.String()))
+			}
+		})
+	}
+}