Project/Repository commit message not escaped properly
repro:
- make changes
- go to Project/Repository/Commits
- enter a commit message with a
+
, Commit -
+
in commit message is replaced with a space
cause: commit message is appended as a GET param, +
are somewhere treated as
(informal url escaping?), e.g.
https://app.echtzeit.interkit.app/git/commitAll/pR0J3cT1D/?message=foo+bar
this should probably be ?message=foo%20bar
.
i did not investigate thoroughly, but there is potential for more critical breakage, when commit messages contain ../
? also check #
and such.
could be purely cosmetic, though.
solutions: urlEncode
, base64, or POST.