kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Merge branch '42159-utf8-uploads' into 'master'

Browse source 
Correctly escape UTF-8 path elements for uploads

Closes #42159

See merge request gitlab-org/gitlab-ce!16560
This commit is contained in:
Douwe Maan 2018-01-19 08:44:55 +00:00
commit 812413863b
3 changed files with 18 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
changelogs/unreleased/42159-utf8-uploads.yml Normal file
View file

@ -0,0 +1,5 @@
---
title: Correctly escape UTF-8 path elements for uploads
merge_request: 16560
author:
type: fixed

6
lib/banzai/filter/relative_link_filter.rb
View file

@ -50,7 +50,7 @@ module Banzai
end end
def process_link_to_upload_attr(html_attr) def process_link_to_upload_attr(html_attr)
path_parts = [html_attr.value] path_parts = [Addressable::URI.unescape(html_attr.value)]
if group if group
path_parts.unshift(relative_url_root, 'groups', group.full_path, '-') path_parts.unshift(relative_url_root, 'groups', group.full_path, '-')
@ -58,13 +58,13 @@ module Banzai
path_parts.unshift(relative_url_root, project.full_path) path_parts.unshift(relative_url_root, project.full_path)
end end
path = File.join(*path_parts) path = Addressable::URI.escape(File.join(*path_parts))
html_attr.value = html_attr.value =
if context[:only_path] if context[:only_path]
path path
else else
URI.join(Gitlab.config.gitlab.base_url, path).to_s Addressable::URI.join(Gitlab.config.gitlab.base_url, path).to_s
end end
end end

19
spec/lib/banzai/filter/relative_link_filter_spec.rb
View file

@ -278,18 +278,19 @@ describe Banzai::Filter::RelativeLinkFilter do
expect(doc.at_css('a')['href']).to eq 'http://example.com' expect(doc.at_css('a')['href']).to eq 'http://example.com'
end end
it 'supports Unicode filenames' do it 'supports unescaped Unicode filenames' do
path = '/uploads/한글.png'
doc = filter(link(path))
expect(doc.at_css('a')['href']).to eq("/#{project.full_path}/uploads/%ED%95%9C%EA%B8%80.png")
end
it 'supports escaped Unicode filenames' do
path = '/uploads/한글.png' path = '/uploads/한글.png'
escaped = Addressable::URI.escape(path) escaped = Addressable::URI.escape(path)
# Stub these methods so the file doesn't actually need to be in the repo
allow_any_instance_of(described_class)
.to receive(:file_exists?).and_return(true)
allow_any_instance_of(described_class)
.to receive(:image?).with(path).and_return(true)
doc = filter(image(escaped)) doc = filter(image(escaped))
expect(doc.at_css('img')['src']).to match "/#{project.full_path}/uploads/%ED%95%9C%EA%B8%80.png"
expect(doc.at_css('img')['src']).to eq("/#{project.full_path}/uploads/%ED%95%9C%EA%B8%80.png")
end end
end end