2014-06-07 12:46:58 +00:00
module BlobHelper
2016-01-19 13:52:41 +00:00
def highlighter ( blob_name , blob_content , nowrap : false )
Gitlab :: Highlight . new ( blob_name , blob_content , nowrap : nowrap )
end
def highlight ( blob_name , blob_content , nowrap : false )
Gitlab :: Highlight . highlight ( blob_name , blob_content , nowrap : nowrap )
2014-06-07 12:46:58 +00:00
end
def no_highlight_files
2014-12-03 11:50:00 +00:00
%w( credits changelog news copying copyright license authors )
2014-06-07 12:46:58 +00:00
end
2015-01-26 23:03:14 +00:00
2015-12-18 09:03:34 +00:00
def edit_blob_link ( project = @project , ref = @ref , path = @path , options = { } )
return unless current_user
blob = project . repository . blob_at ( ref , path ) rescue nil
2015-12-18 15:14:12 +00:00
return unless blob && blob_text_viewable? ( blob )
2015-12-18 09:03:34 +00:00
2015-12-08 16:10:07 +00:00
from_mr = options [ :from_merge_request_id ]
link_opts = { }
link_opts [ :from_merge_request_id ] = from_mr if from_mr
2015-12-18 09:03:34 +00:00
edit_path = namespace_project_edit_blob_path ( project . namespace , project ,
tree_join ( ref , path ) ,
link_opts )
2016-01-21 21:46:49 +00:00
if ! on_top_of_branch? ( project , ref )
2015-12-18 10:19:08 +00:00
button_tag " Edit " , class : " btn btn-default disabled has_tooltip " , title : " You can only edit files when you are on a branch " , data : { container : 'body' }
2016-01-21 21:46:49 +00:00
elsif can_edit_blob? ( blob , project , ref )
link_to " Edit " , edit_path , class : 'btn'
2015-12-18 09:03:34 +00:00
elsif can? ( current_user , :fork_project , project )
continue_params = {
to : edit_path ,
notice : edit_in_new_fork_notice ,
notice_now : edit_in_new_fork_notice_now
}
2016-01-12 02:50:02 +00:00
fork_path = namespace_project_forks_path ( project . namespace , project , namespace_key : current_user . namespace . id , continue : continue_params )
2015-12-18 09:03:34 +00:00
2016-01-21 21:46:49 +00:00
link_to " Edit " , fork_path , class : 'btn' , method : :post
2015-12-18 09:03:34 +00:00
end
end
def modify_file_link ( project = @project , ref = @ref , path = @path , label : , action : , btn_class : , modal_type : )
return unless current_user
blob = project . repository . blob_at ( ref , path ) rescue nil
return unless blob
2016-01-21 21:46:49 +00:00
if ! on_top_of_branch? ( project , ref )
2015-12-18 10:19:08 +00:00
button_tag label , class : " btn btn- #{ btn_class } disabled has_tooltip " , title : " You can only #{ action } files when you are on a branch " , data : { container : 'body' }
2015-12-18 15:14:12 +00:00
elsif blob . lfs_pointer?
button_tag label , class : " btn btn- #{ btn_class } disabled has_tooltip " , title : " It is not possible to #{ action } files that are stored in LFS using the web interface " , data : { container : 'body' }
2016-01-21 21:46:49 +00:00
elsif can_edit_blob? ( blob , project , ref )
2015-12-18 09:03:34 +00:00
button_tag label , class : " btn btn- #{ btn_class } " , 'data-target' = > " # modal- #{ modal_type } -blob " , 'data-toggle' = > 'modal'
elsif can? ( current_user , :fork_project , project )
continue_params = {
to : request . fullpath ,
notice : edit_in_new_fork_notice + " Try to #{ action } this file again. " ,
notice_now : edit_in_new_fork_notice_now
}
2016-01-12 02:50:02 +00:00
fork_path = namespace_project_forks_path ( project . namespace , project , namespace_key : current_user . namespace . id , continue : continue_params )
2015-12-18 09:03:34 +00:00
link_to label , fork_path , class : " btn btn- #{ btn_class } " , method : :post
end
end
def replace_blob_link ( project = @project , ref = @ref , path = @path )
modify_file_link (
project ,
ref ,
path ,
label : " Replace " ,
action : " replace " ,
btn_class : " default " ,
modal_type : " upload "
)
end
def delete_blob_link ( project = @project , ref = @ref , path = @path )
modify_file_link (
project ,
ref ,
path ,
label : " Delete " ,
action : " delete " ,
btn_class : " remove " ,
modal_type : " remove "
)
end
def can_edit_blob? ( blob , project = @project , ref = @ref )
! blob . lfs_pointer? && can_edit_tree? ( project , ref )
2015-01-26 23:03:14 +00:00
end
def leave_edit_message
" Leave edit mode? \n All unsaved changes will be lost. "
end
def editing_preview_title ( filename )
2015-05-12 23:40:11 +00:00
if Gitlab :: MarkupHelper . previewable? ( filename )
2015-01-26 23:03:14 +00:00
'Preview'
else
2015-12-02 13:53:11 +00:00
'Preview Changes'
2015-01-26 23:03:14 +00:00
end
end
2014-10-04 10:29:18 +00:00
# Return an image icon depending on the file mode and extension
#
# mode - File unix mode
# mode - File name
def blob_icon ( mode , name )
icon ( " #{ file_type_icon_class ( 'file' , mode , name ) } fw " )
end
2015-12-07 14:03:50 +00:00
2015-12-18 15:14:12 +00:00
def blob_text_viewable? ( blob )
2015-12-07 14:56:38 +00:00
blob && blob . text? && ! blob . lfs_pointer?
2015-12-07 14:03:50 +00:00
end
def blob_size ( blob )
if blob . lfs_pointer?
blob . lfs_size
else
blob . size
end
end
2015-09-13 03:54:06 +00:00
# SVGs can contain malicious JavaScript; only include whitelisted
# elements and attributes. Note that this whitelist is by no means complete
# and may omit some elements.
def sanitize_svg ( blob )
blob . data = Loofah . scrub_fragment ( blob . data , :strip ) . to_xml
blob
end
2016-02-24 10:53:30 +00:00
# If we blindly set the 'real' content type when serving a Git blob we
# are enabling XSS attacks. An attacker could upload e.g. a Javascript
# file to a Git repository, trick the browser of a victim into
# downloading the blob, and then the 'application/javascript' content
# type would tell the browser to execute the attacker's Javascript. By
# overriding the content type and setting it to 'text/plain' (in the
# example of Javascript) we tell the browser of the victim not to
# execute untrusted data.
def safe_content_type ( blob )
if blob . text?
'text/plain; charset=utf-8'
elsif blob . image?
blob . content_type
else
'application/octet-stream'
end
end
2016-03-03 16:59:47 +00:00
def set_cache_headers
if @project . visibility_level == Project :: PUBLIC
cache_control = 'public, '
else
cache_control = 'private, '
end
if @ref && @commit && @ref == @commit . id
# This is a link to a commit by its commit SHA. That means that the blob
# is immutable.
cache_control << 'max-age=600' # 10 minutes
else
# A branch or tag points at this blob. That means that the expected blob
# value may change over time.
cache_control << 'max-age=60' # 1 minute
end
headers [ 'Cache-Control' ] = cache_control
headers [ 'ETag' ] = @blob . id
end
def check_etag!
stale? ( etag : @blob . id )
end
2014-06-07 12:46:58 +00:00
end