Fix errors deleting and creating branches with encoded slashes
Closes #1804
This commit is contained in:
parent
bdb4288ab8
commit
208e07fe6f
|
@ -1,6 +1,7 @@
|
|||
Please view this file on the master branch, on stable branches it's out of date.
|
||||
|
||||
v 7.14.0 (unreleased)
|
||||
- Fix errors deleting and creating branches with encoded slashes (Stan Hu)
|
||||
- Fix multi-line syntax highlighting (Stan Hu)
|
||||
- Fix network graph when branch name has single quotes (Stan Hu)
|
||||
- Upgrade gitlab_git to version 7.2.6 to fix Error 500 when creating network graphs (Stan Hu)
|
||||
|
|
|
@ -17,7 +17,9 @@ class Projects::BranchesController < Projects::ApplicationController
|
|||
|
||||
def create
|
||||
branch_name = sanitize(strip_tags(params[:branch_name]))
|
||||
branch_name = Addressable::URI.unescape(branch_name)
|
||||
ref = sanitize(strip_tags(params[:ref]))
|
||||
ref = Addressable::URI.unescape(ref)
|
||||
result = CreateBranchService.new(project, current_user).
|
||||
execute(branch_name, ref)
|
||||
|
||||
|
@ -32,9 +34,8 @@ class Projects::BranchesController < Projects::ApplicationController
|
|||
end
|
||||
|
||||
def destroy
|
||||
status = DeleteBranchService.new(project, current_user).execute(params[:id])
|
||||
@branch_name = params[:id]
|
||||
|
||||
@branch_name = Addressable::URI.unescape(params[:id])
|
||||
status = DeleteBranchService.new(project, current_user).execute(@branch_name)
|
||||
respond_to do |format|
|
||||
format.html do
|
||||
redirect_to namespace_project_branches_path(@project.namespace,
|
||||
|
|
|
@ -54,6 +54,13 @@ describe Projects::BranchesController do
|
|||
let(:ref) { "<script>alert('ref');</script>" }
|
||||
it { is_expected.to render_template('new') }
|
||||
end
|
||||
|
||||
context "valid branch name with encoded slashes" do
|
||||
let(:branch) { "feature%2Ftest" }
|
||||
let(:ref) { "<script>alert('ref');</script>" }
|
||||
it { is_expected.to render_template('new') }
|
||||
it { project.repository.branch_names.include?('feature/test')}
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST destroy" do
|
||||
|
@ -74,6 +81,19 @@ describe Projects::BranchesController do
|
|||
it { expect(subject).to render_template('destroy') }
|
||||
end
|
||||
|
||||
context "valid branch name with unencoded slashes" do
|
||||
let(:branch) { "improve/awesome" }
|
||||
|
||||
it { expect(response.status).to eq(200) }
|
||||
it { expect(subject).to render_template('destroy') }
|
||||
end
|
||||
|
||||
context "valid branch name with encoded slashes" do
|
||||
let(:branch) { "improve%2Fawesome" }
|
||||
|
||||
it { expect(response.status).to eq(200) }
|
||||
it { expect(subject).to render_template('destroy') }
|
||||
end
|
||||
context "invalid branch name, valid ref" do
|
||||
let(:branch) { "no-branch" }
|
||||
|
||||
|
|
Loading…
Reference in New Issue