gitlab-org--gitlab-foss/app/helpers/blob_helper.rb

module BlobHelper
  def highlight(blob_name, blob_content, repository: nil, plain: false)
    highlighted = Gitlab::Highlight.highlight(blob_name, blob_content, plain: plain, repository: repository)
    raw %(<pre class="code highlight"><code>#{highlighted}</code></pre>)
  end

  def no_highlight_files
    %w(credits changelog news copying copyright license authors)
  end

  def edit_blob_link(project = @project, ref = @ref, path = @path, options = {})
    return unless current_user

    blob = options.delete(:blob)
    blob ||= project.repository.blob_at(ref, path) rescue nil

    return unless blob

    edit_path = namespace_project_edit_blob_path(project.namespace, project,
                                     tree_join(ref, path),
                                     options[:link_opts])

    if !on_top_of_branch?(project, ref)
      button_tag "Edit", class: "btn disabled has-tooltip", title: "You can only edit files when you are on a branch", data: { container: 'body' }
    elsif can_edit_blob?(blob, project, ref)
      link_to "Edit", edit_path, class: 'btn btn-sm'
    elsif can?(current_user, :fork_project, project)
      continue_params = {
        to:     edit_path,
        notice: edit_in_new_fork_notice,
        notice_now: edit_in_new_fork_notice_now
      }
      fork_path = namespace_project_forks_path(project.namespace, project, namespace_key: current_user.namespace.id, continue: continue_params)

      link_to "Edit", fork_path, class: 'btn', method: :post
    end
  end

  def modify_file_link(project = @project, ref = @ref, path = @path, label:, action:, btn_class:, modal_type:)
    return unless current_user

    blob = project.repository.blob_at(ref, path) rescue nil

    return unless blob

    if !on_top_of_branch?(project, ref)
      button_tag label, class: "btn btn-#{btn_class} disabled has-tooltip", title: "You can only #{action} files when you are on a branch", data: { container: 'body' }
    elsif blob.lfs_pointer?
      button_tag label, class: "btn btn-#{btn_class} disabled has-tooltip", title: "It is not possible to #{action} files that are stored in LFS using the web interface", data: { container: 'body' }
    elsif can_edit_blob?(blob, project, ref)
      button_tag label, class: "btn btn-#{btn_class}", 'data-target' => "#modal-#{modal_type}-blob", 'data-toggle' => 'modal'
    elsif can?(current_user, :fork_project, project)
      continue_params = {
        to:     request.fullpath,
        notice: edit_in_new_fork_notice + " Try to #{action} this file again.",
        notice_now: edit_in_new_fork_notice_now
      }
      fork_path = namespace_project_forks_path(project.namespace, project, namespace_key: current_user.namespace.id, continue: continue_params)

      link_to label, fork_path, class: "btn btn-#{btn_class}", method: :post
    end
  end

  def replace_blob_link(project = @project, ref = @ref, path = @path)
    modify_file_link(
      project,
      ref,
      path,
      label:      "Replace",
      action:     "replace",
      btn_class:  "default",
      modal_type: "upload"
    )
  end

  def delete_blob_link(project = @project, ref = @ref, path = @path)
    modify_file_link(
      project,
      ref,
      path,
      label:      "Delete",
      action:     "delete",
      btn_class:  "remove",
      modal_type: "remove"
    )
  end

  def can_edit_blob?(blob, project = @project, ref = @ref)
    !blob.lfs_pointer? && can_edit_tree?(project, ref)
  end

  def leave_edit_message
    "Leave edit mode?\nAll unsaved changes will be lost."
  end

  def editing_preview_title(filename)
    if Gitlab::MarkupHelper.previewable?(filename)
      'Preview'
    else
      'Preview Changes'
    end
  end

  # Return an image icon depending on the file mode and extension
  #
  # mode - File unix mode
  # mode - File name
  def blob_icon(mode, name)
    icon("#{file_type_icon_class('file', mode, name)} fw")
  end

  def blob_text_viewable?(blob)
    blob && blob.text? && !blob.lfs_pointer? && !blob.only_display_raw?
  end

  def blob_size(blob)
    if blob.lfs_pointer?
      blob.lfs_size
    else
      blob.size
    end
  end

  # SVGs can contain malicious JavaScript; only include whitelisted
  # elements and attributes. Note that this whitelist is by no means complete
  # and may omit some elements.
  def sanitize_svg(blob)
    blob.data = Gitlab::Sanitizers::SVG.clean(blob.data)
    blob
  end

  # If we blindly set the 'real' content type when serving a Git blob we
  # are enabling XSS attacks. An attacker could upload e.g. a Javascript
  # file to a Git repository, trick the browser of a victim into
  # downloading the blob, and then the 'application/javascript' content
  # type would tell the browser to execute the attacker's Javascript. By
  # overriding the content type and setting it to 'text/plain' (in the
  # example of Javascript) we tell the browser of the victim not to
  # execute untrusted data.
  def safe_content_type(blob)
    if blob.text?
      'text/plain; charset=utf-8'
    elsif blob.image?
      blob.content_type
    else
      'application/octet-stream'
    end
  end

  def cached_blob?
    stale = stale?(etag: @blob.id) # The #stale? method sets cache headers.

    # Because we are opionated we set the cache headers ourselves.
    response.cache_control[:public] = @project.public?

    if @ref && @commit && @ref == @commit.id
      # This is a link to a commit by its commit SHA. That means that the blob
      # is immutable. The only reason to invalidate the cache is if the commit
      # was deleted or if the user lost access to the repository.
      response.cache_control[:max_age] = Blob::CACHE_TIME_IMMUTABLE
    else
      # A branch or tag points at this blob. That means that the expected blob
      # value may change over time.
      response.cache_control[:max_age] = Blob::CACHE_TIME
    end

    response.etag = @blob.id
    !stale
  end

  def licenses_for_select
    return @licenses_for_select if defined?(@licenses_for_select)

    licenses = Licensee::License.all

    @licenses_for_select = {
      Popular: licenses.select(&:featured).map { |license| { name: license.name, id: license.key } },
      Other: licenses.reject(&:featured).map { |license| { name: license.name, id: license.key } }
    }
  end

  def ref_project
    @ref_project ||= @target_project || @project
  end

  def gitignore_names
    @gitignore_names ||= Gitlab::Template::GitignoreTemplate.dropdown_names
  end

  def gitlab_ci_ymls
    @gitlab_ci_ymls ||= Gitlab::Template::GitlabCiYmlTemplate.dropdown_names(params[:context])
  end

  def dockerfile_names
    @dockerfile_names ||= Gitlab::Template::DockerfileTemplate.dropdown_names
  end

  def blob_editor_paths
    {
      'relative-url-root' => Rails.application.config.relative_url_root,
      'assets-prefix' => Gitlab::Application.config.assets.prefix,
      'blob-language' => @blob && @blob.language.try(:ace_mode)
    }
  end
end
Specify language detection for highlight.js Because I am tired of CHANGELOG highlighted as sql file :) Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-07 08:46:58 -04:00			`module BlobHelper`
kill the nowrap option the <pre><code> wrapping is always used by the helper, and never by anywhere else, so pull the wrapping into the helper 2016-06-15 14:52:23 -04:00			`def highlight(blob_name, blob_content, repository: nil, plain: false)`
			`highlighted = Gitlab::Highlight.highlight(blob_name, blob_content, plain: plain, repository: repository)`
use %(...) and %[...] in favor of %<...> 2016-07-15 01:43:49 -04:00			`raw %(<pre class="code highlight"><code>#{highlighted}</code></pre>)`
Specify language detection for highlight.js Because I am tired of CHANGELOG highlighted as sql file :) Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-07 08:46:58 -04:00			`end`

			`def no_highlight_files`
Added "news" to no_highlight_files 2014-12-03 06:50:00 -05:00			`%w(credits changelog news copying copyright license authors)`
Specify language detection for highlight.js Because I am tired of CHANGELOG highlighted as sql file :) Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-07 08:46:58 -04:00			`end`
Refactor blob helpers 2015-01-26 18:03:14 -05:00
Automatically fork a project when not allowed to edit a file. 2015-12-18 04:03:34 -05:00			`def edit_blob_link(project = @project, ref = @ref, path = @path, options = {})`
			`return unless current_user`

edit_blob_link can receive the blob to avoid access to the repository 2016-08-17 11:05:00 -04:00			`blob = options.delete(:blob)`
			`blob \|\|= project.repository.blob_at(ref, path) rescue nil`
Automatically fork a project when not allowed to edit a file. 2015-12-18 04:03:34 -05:00
Improve diff performance by eliminating redundant checks for text blobs On a merge request with over 1000 changed files, there were redundant calls to blob_text_viewable?, which incurred about 7% of the time. Improves #14775 2016-07-30 00:04:04 -04:00			`return unless blob`
Automatically fork a project when not allowed to edit a file. 2015-12-18 04:03:34 -05:00
			`edit_path = namespace_project_edit_blob_path(project.namespace, project,`
			`tree_join(ref, path),`
edit_blob_link can receive the blob to avoid access to the repository 2016-08-17 11:05:00 -04:00			`options[:link_opts])`
Automatically fork a project when not allowed to edit a file. 2015-12-18 04:03:34 -05:00
Fix MR diff 'Edit' button 2016-01-21 16:46:49 -05:00			`if !on_top_of_branch?(project, ref)`
removes old css class from everywhere 2017-02-02 07:22:32 -05:00			`button_tag "Edit", class: "btn disabled has-tooltip", title: "You can only edit files when you are on a branch", data: { container: 'body' }`
Fix MR diff 'Edit' button 2016-01-21 16:46:49 -05:00			`elsif can_edit_blob?(blob, project, ref)`
Fix on-hover state for 'Edit' button on tree view 2016-06-21 07:27:20 -04:00			`link_to "Edit", edit_path, class: 'btn btn-sm'`
Automatically fork a project when not allowed to edit a file. 2015-12-18 04:03:34 -05:00			`elsif can?(current_user, :fork_project, project)`
			`continue_params = {`
			`to: edit_path,`
			`notice: edit_in_new_fork_notice,`
			`notice_now: edit_in_new_fork_notice_now`
			`}`
Fix broken specs. #2406 2016-01-11 21:50:02 -05:00			`fork_path = namespace_project_forks_path(project.namespace, project, namespace_key: current_user.namespace.id, continue: continue_params)`
Automatically fork a project when not allowed to edit a file. 2015-12-18 04:03:34 -05:00
removes old css class from everywhere 2017-02-02 07:22:32 -05:00			`link_to "Edit", fork_path, class: 'btn', method: :post`
Automatically fork a project when not allowed to edit a file. 2015-12-18 04:03:34 -05:00			`end`
			`end`

			`def modify_file_link(project = @project, ref = @ref, path = @path, label:, action:, btn_class:, modal_type:)`
			`return unless current_user`

			`blob = project.repository.blob_at(ref, path) rescue nil`

			`return unless blob`

Fix MR diff 'Edit' button 2016-01-21 16:46:49 -05:00			`if !on_top_of_branch?(project, ref)`
change the css class has_tooltip to has-tooltip universally 2016-03-20 15:01:46 -04:00			`button_tag label, class: "btn btn-#{btn_class} disabled has-tooltip", title: "You can only #{action} files when you are on a branch", data: { container: 'body' }`
Fix specs and behavior for LFS files 2015-12-18 10:14:12 -05:00			`elsif blob.lfs_pointer?`
change the css class has_tooltip to has-tooltip universally 2016-03-20 15:01:46 -04:00			`button_tag label, class: "btn btn-#{btn_class} disabled has-tooltip", title: "It is not possible to #{action} files that are stored in LFS using the web interface", data: { container: 'body' }`
Fix MR diff 'Edit' button 2016-01-21 16:46:49 -05:00			`elsif can_edit_blob?(blob, project, ref)`
Automatically fork a project when not allowed to edit a file. 2015-12-18 04:03:34 -05:00			`button_tag label, class: "btn btn-#{btn_class}", 'data-target' => "#modal-#{modal_type}-blob", 'data-toggle' => 'modal'`
			`elsif can?(current_user, :fork_project, project)`
			`continue_params = {`
			`to: request.fullpath,`
			`notice: edit_in_new_fork_notice + " Try to #{action} this file again.",`
			`notice_now: edit_in_new_fork_notice_now`
			`}`
Fix broken specs. #2406 2016-01-11 21:50:02 -05:00			`fork_path = namespace_project_forks_path(project.namespace, project, namespace_key: current_user.namespace.id, continue: continue_params)`
Automatically fork a project when not allowed to edit a file. 2015-12-18 04:03:34 -05:00
			`link_to label, fork_path, class: "btn btn-#{btn_class}", method: :post`
			`end`
			`end`

			`def replace_blob_link(project = @project, ref = @ref, path = @path)`
			`modify_file_link(`
			`project,`
			`ref,`
			`path,`
			`label: "Replace",`
			`action: "replace",`
			`btn_class: "default",`
			`modal_type: "upload"`
			`)`
			`end`

			`def delete_blob_link(project = @project, ref = @ref, path = @path)`
			`modify_file_link(`
			`project,`
			`ref,`
			`path,`
			`label: "Delete",`
			`action: "delete",`
			`btn_class: "remove",`
			`modal_type: "remove"`
			`)`
			`end`

			`def can_edit_blob?(blob, project = @project, ref = @ref)`
			`!blob.lfs_pointer? && can_edit_tree?(project, ref)`
Refactor blob helpers 2015-01-26 18:03:14 -05:00			`end`

			`def leave_edit_message`
			`"Leave edit mode?\nAll unsaved changes will be lost."`
			`end`

			`def editing_preview_title(filename)`
Rename MarkdownHelper to MarkupHelper 2015-05-12 19:40:11 -04:00			`if Gitlab::MarkupHelper.previewable?(filename)`
Refactor blob helpers 2015-01-26 18:03:14 -05:00			`'Preview'`
			`else`
Capitalize tab titles 2015-12-02 08:53:11 -05:00			`'Preview Changes'`
Refactor blob helpers 2015-01-26 18:03:14 -05:00			`end`
			`end`
Improve file icons rendering on tree 2014-10-04 06:29:18 -04:00
			`# Return an image icon depending on the file mode and extension`
			`#`
			`# mode - File unix mode`
			`# mode - File name`
			`def blob_icon(mode, name)`
			`icon("#{file_type_icon_class('file', mode, name)} fw")`
			`end`
Add specs for showing lfs object in UI. 2015-12-07 09:03:50 -05:00
Fix specs and behavior for LFS files 2015-12-18 10:14:12 -05:00			`def blob_text_viewable?(blob)`
Fix Error 500 when viewing a blob with binary characters after the 1024-byte mark Here was the problem: 1. When determining whether a given blob is viewable text, gitlab_git reads the first 1024 bytes and checks with Linguist whether it is a text or binary file. 2. If the blob is text, GitLab will attempt to display it. 3. However, if the text has binary characters after the first 1024 bytes, then GitLab will attempt to load the entire contents, but the encoding will be ASCII-8BIT since there are binary characters. 4. The Error 500 results when GitLab attempts to display a mix UTF-8 and ASCII-8BIT. To fix this, we load as much data as we are willing to display so that the detection will work properly. Requires an update to gitlab_git: gitlab-org/gitlab_git!86 Closes #13826 2016-05-24 01:59:35 -04:00			`blob && blob.text? && !blob.lfs_pointer? && !blob.only_display_raw?`
Add specs for showing lfs object in UI. 2015-12-07 09:03:50 -05:00			`end`

			`def blob_size(blob)`
			`if blob.lfs_pointer?`
			`blob.lfs_size`
			`else`
			`blob.size`
			`end`
			`end`
Render sanitized SVG images Closes https://github.com/gitlabhq/gitlabhq/issues/9265 2015-09-12 23:54:06 -04:00
			`# SVGs can contain malicious JavaScript; only include whitelisted`
			`# elements and attributes. Note that this whitelist is by no means complete`
			`# and may omit some elements.`
			`def sanitize_svg(blob)`
Update SVG sanitizer to conform to SVG 1.1 Use a custom Loofah scrubber since sanitize 2.x transformers are inadequate to handle case-sensitive SVG attributes. sanitize parses documents as HTML instead of XML, which causes all SVG attribute names (e.g. viewBox) to be downcased. * SVG element list: https://www.w3.org/TR/SVG/eltindex.html * SVG attribute list: https://www.w3.org/TR/SVG/attindex.html Closes #14555 2016-03-25 01:39:58 -04:00			`blob.data = Gitlab::Sanitizers::SVG.clean(blob.data)`
Render sanitized SVG images Closes https://github.com/gitlabhq/gitlabhq/issues/9265 2015-09-12 23:54:06 -04:00			`blob`
			`end`
Explain why we mangle blob content types 2016-02-24 05:53:30 -05:00
			`# If we blindly set the 'real' content type when serving a Git blob we`
			`# are enabling XSS attacks. An attacker could upload e.g. a Javascript`
			`# file to a Git repository, trick the browser of a victim into`
			`# downloading the blob, and then the 'application/javascript' content`
			`# type would tell the browser to execute the attacker's Javascript. By`
			`# overriding the content type and setting it to 'text/plain' (in the`
			`# example of Javascript) we tell the browser of the victim not to`
			`# execute untrusted data.`
			`def safe_content_type(blob)`
			`if blob.text?`
			`'text/plain; charset=utf-8'`
			`elsif blob.image?`
			`blob.content_type`
			`else`
			`'application/octet-stream'`
			`end`
			`end`
Tell clients/proxies to cache raw blob requests 2016-03-03 11:59:47 -05:00
Refactor caching code 2016-03-07 08:27:53 -05:00			`def cached_blob?`
			`stale = stale?(etag: @blob.id) # The #stale? method sets cache headers.`

			`# Because we are opionated we set the cache headers ourselves.`
Use Rails etag/cache_control helpers 2016-03-07 10:49:46 -05:00			`response.cache_control[:public] = @project.public?`
Tell clients/proxies to cache raw blob requests 2016-03-03 11:59:47 -05:00
			`if @ref && @commit && @ref == @commit.id`
			`# This is a link to a commit by its commit SHA. That means that the blob`
Refactor caching code 2016-03-07 08:27:53 -05:00			`# is immutable. The only reason to invalidate the cache is if the commit`
			`# was deleted or if the user lost access to the repository.`
Use Rails etag/cache_control helpers 2016-03-07 10:49:46 -05:00			`response.cache_control[:max_age] = Blob::CACHE_TIME_IMMUTABLE`
Tell clients/proxies to cache raw blob requests 2016-03-03 11:59:47 -05:00			`else`
			`# A branch or tag points at this blob. That means that the expected blob`
			`# value may change over time.`
Use Rails etag/cache_control helpers 2016-03-07 10:49:46 -05:00			`response.cache_control[:max_age] = Blob::CACHE_TIME`
Tell clients/proxies to cache raw blob requests 2016-03-03 11:59:47 -05:00			`end`

Use Rails etag/cache_control helpers 2016-03-07 10:49:46 -05:00			`response.etag = @blob.id`
Refactor caching code 2016-03-07 08:27:53 -05:00			`!stale`
Tell clients/proxies to cache raw blob requests 2016-03-03 11:59:47 -05:00			`end`
Continue implementation of the license template selector and /licenses API endpoint Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-04-11 09:49:25 -04:00
			`def licenses_for_select`
			`return @licenses_for_select if defined?(@licenses_for_select)`

			`licenses = Licensee::License.all`

			`@licenses_for_select = {`
Implements TemplateDropdown class to create custom template dropdowns Also License dropdown has been ported to use our GL dropdown instead of Select2. Fixes tests to make it work with current implementation 2016-06-15 03:12:42 -04:00			`Popular: licenses.select(&:featured).map { \|license\| { name: license.name, id: license.key } },`
			`Other: licenses.reject(&:featured).map { \|license\| { name: license.name, id: license.key } }`
Continue implementation of the license template selector and /licenses API endpoint Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-04-11 09:49:25 -04:00			`}`
			`end`
Backend for a gitignores dropdown 2016-04-29 10:25:03 -04:00
Load issues and merge requests templates from repository 2016-06-24 15:43:46 -04:00			`def ref_project`
			`@ref_project \|\|= @target_project \|\| @project`
			`end`

Dropdown implementation 2016-05-13 11:57:03 -04:00			`def gitignore_names`
Load issues and merge requests templates from repository 2016-06-24 15:43:46 -04:00			`@gitignore_names \|\|= Gitlab::Template::GitignoreTemplate.dropdown_names`
Implement backend gitlab ci dropdown This commit builds on the groundwork in ee008e300b1ec0abcc90e6a30816ec0754cea0dd, which refactored the backend so the same code could be used for new dropdowns. In this commit its used for templates for the `.gitlab-ci.yml` files. 2016-06-02 12:20:08 -04:00			`end`
Dropdown implementation 2016-05-11 20:38:43 -04:00
Implement backend gitlab ci dropdown This commit builds on the groundwork in ee008e300b1ec0abcc90e6a30816ec0754cea0dd, which refactored the backend so the same code could be used for new dropdowns. In this commit its used for templates for the `.gitlab-ci.yml` files. 2016-06-02 12:20:08 -04:00			`def gitlab_ci_ymls`
Introduce "Set up autodeploy" button to help configure GitLab CI for deployment The button allows to choose a ".gitlab-ci.yml" template that automatically sets up the deployment of an application. The currently supported template is Kubernetes template. 2016-12-21 10:21:55 -05:00			`@gitlab_ci_ymls \|\|= Gitlab::Template::GitlabCiYmlTemplate.dropdown_names(params[:context])`
Backend for a gitignores dropdown 2016-04-29 10:25:03 -04:00			`end`
Move editor paths to helper 2016-08-19 11:17:14 -04:00
Allow to use Dockerfile templates 2016-11-02 11:41:32 -04:00			`def dockerfile_names`
			`@dockerfile_names \|\|= Gitlab::Template::DockerfileTemplate.dropdown_names`
			`end`

Move editor paths to helper 2016-08-19 11:17:14 -04:00			`def blob_editor_paths`
			`{`
			`'relative-url-root' => Rails.application.config.relative_url_root,`
			`'assets-prefix' => Gitlab::Application.config.assets.prefix,`
			`'blob-language' => @blob && @blob.language.try(:ace_mode)`
			`}`
			`end`
Specify language detection for highlight.js Because I am tired of CHANGELOG highlighted as sql file :) Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-07 08:46:58 -04:00			`end`