From 0ac845042e14c85934f02ecef2696e1a8651663e Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Mon, 20 Dec 2021 17:18:26 +0000
Subject: [PATCH] Move POST /{username}/action/{action} to simply POST
 /{username} (#18045)

The current code unfortunately requires that `action` be a reserved
repository name as it prevents posts to change the settings for
action repositories. However, we can simply change action handler
to work on POST /{username} instead.

Fix #18037

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 routers/web/user/profile.go | 4 ++--
 routers/web/web.go          | 4 +---
 templates/user/profile.tmpl | 4 ++--
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index 77b357c222..40fc44ed14 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -363,7 +363,7 @@ func Action(ctx *context.Context) {
 	}
 
 	var err error
-	switch ctx.Params(":action") {
+	switch ctx.FormString("action") {
 	case "follow":
 		err = user_model.FollowUser(ctx.User.ID, u.ID)
 	case "unfollow":
@@ -371,7 +371,7 @@ func Action(ctx *context.Context) {
 	}
 
 	if err != nil {
-		ctx.ServerError(fmt.Sprintf("Action (%s)", ctx.Params(":action")), err)
+		ctx.ServerError(fmt.Sprintf("Action (%s)", ctx.FormString("action")), err)
 		return
 	}
 	// FIXME: We should check this URL and make sure that it's a valid Gitea URL
diff --git a/routers/web/web.go b/routers/web/web.go
index 6ede410e3e..41c4e122fb 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -484,9 +484,7 @@ func RegisterRoutes(m *web.Route) {
 		m.Get("/attachments/{uuid}", repo.GetAttachment)
 	}, ignSignIn)
 
-	m.Group("/{username}", func() {
-		m.Post("/action/{action}", user.Action)
-	}, reqSignIn)
+	m.Post("/{username}", reqSignIn, user.Action)
 
 	if !setting.IsProd {
 		m.Get("/template/*", dev.TemplatePreview)
diff --git a/templates/user/profile.tmpl b/templates/user/profile.tmpl
index 3bb15449a2..e0a6b39121 100644
--- a/templates/user/profile.tmpl
+++ b/templates/user/profile.tmpl
@@ -66,12 +66,12 @@
 							{{if and .IsSigned (ne .SignedUserName .Owner.Name)}}
 							<li class="follow">
 								{{if $.IsFollowing}}
-									<form method="post" action="{{.Link}}/action/unfollow?redirect_to={{$.Link}}">
+									<form method="post" action="{{.Link}}?action=unfollow&redirect_to={{$.Link}}">
 										{{$.CsrfTokenHtml}}
 										<button type="submit" class="ui basic red button">{{svg "octicon-person"}} {{.i18n.Tr "user.unfollow"}}</button>
 									</form>
 								{{else}}
-									<form method="post" action="{{.Link}}/action/follow?redirect_to={{$.Link}}">
+									<form method="post" action="{{.Link}}?action=follow&redirect_to={{$.Link}}">
 										{{$.CsrfTokenHtml}}
 										<button type="submit" class="ui basic green button">{{svg "octicon-person"}} {{.i18n.Tr "user.follow"}}</button>
 									</form>