ref: 330639d2aefbcaef4106653617fe8b518eb0711e
parent: 32d82a4496e5f53a723293175e72b5a57ea6e5a3
author: Mathias Biilmann <[email protected]>
date: Sun Jul 10 21:06:40 EDT 2016
Fix panic when using URLize Using URLize on a string like '100%-true' would cause a panic
--- a/helpers/path.go
+++ b/helpers/path.go
@@ -91,6 +91,19 @@
return strings.Replace(strings.TrimSpace(inpath), "-", " ", -1)
}
+// From https://golang.org/src/net/url/url.go
+func ishex(c rune) bool {+ switch {+ case '0' <= c && c <= '9':
+ return true
+ case 'a' <= c && c <= 'f':
+ return true
+ case 'A' <= c && c <= 'F':
+ return true
+ }
+ return false
+}
+
// UnicodeSanitize sanitizes string to be used in Hugo URL's, allowing only
// a predefined set of special Unicode characters.
// If RemovePathAccents configuration flag is enabled, Uniccode accents
@@ -99,8 +112,10 @@
source := []rune(s)
target := make([]rune, 0, len(source))
- for _, r := range source {- if unicode.IsLetter(r) || unicode.IsDigit(r) || unicode.IsMark(r) || r == '%' || r == '.' || r == '/' || r == '\\' || r == '_' || r == '-' || r == '#' || r == '+' {+ for i, r := range source {+ if r == '%' && i+2 < len(source) && ishex(source[i+1]) && ishex(source[i+2]) {+ target = append(target, r)
+ } else if unicode.IsLetter(r) || unicode.IsDigit(r) || unicode.IsMark(r) || r == '.' || r == '/' || r == '\\' || r == '_' || r == '-' || r == '#' || r == '+' {target = append(target, r)
}
}
--- a/helpers/url_test.go
+++ b/helpers/url_test.go
@@ -31,6 +31,7 @@
{"foo,bar:foobar", "foobarfoobar"}, {"foo/bar.html", "foo/bar.html"}, {"трям/трям", "%D1%82%D1%80%D1%8F%D0%BC/%D1%82%D1%80%D1%8F%D0%BC"},+ {"100%-google", "100-google"},}
for _, test := range tests {