Merge branch '17014-remove-rails-deprecated_sanitizer' into 'master'
Resolve "Remove rails-deprecated_sanitizer" Closes #17014 See merge request gitlab-org/gitlab-ce!27268
commit
d83eb63bee
1
Gemfile
1
Gemfile
|
@ -1,7 +1,6 @@
|
||||||
source 'https://rubygems.org'
|
source 'https://rubygems.org'
|
||||||
|
|
||||||
gem 'rails', '5.0.7.2'
|
gem 'rails', '5.0.7.2'
|
||||||
gem 'rails-deprecated_sanitizer', '~> 1.0.3'
|
|
||||||
|
|
||||||
# Improves copy-on-write performance for MRI
|
# Improves copy-on-write performance for MRI
|
||||||
gem 'nakayoshi_fork', '~> 0.0.4'
|
gem 'nakayoshi_fork', '~> 0.0.4'
|
||||||
|
|
|
@ -654,8 +654,6 @@ GEM
|
||||||
actionpack (~> 5.x, >= 5.0.1)
|
actionpack (~> 5.x, >= 5.0.1)
|
||||||
actionview (~> 5.x, >= 5.0.1)
|
actionview (~> 5.x, >= 5.0.1)
|
||||||
activesupport (~> 5.x)
|
activesupport (~> 5.x)
|
||||||
rails-deprecated_sanitizer (1.0.3)
|
|
||||||
activesupport (>= 4.2.0.alpha)
|
|
||||||
rails-dom-testing (2.0.3)
|
rails-dom-testing (2.0.3)
|
||||||
activesupport (>= 4.2.0)
|
activesupport (>= 4.2.0)
|
||||||
nokogiri (>= 1.6)
|
nokogiri (>= 1.6)
|
||||||
|
@ -1111,7 +1109,6 @@ DEPENDENCIES
|
||||||
rack-proxy (~> 0.6.0)
|
rack-proxy (~> 0.6.0)
|
||||||
rails (= 5.0.7.2)
|
rails (= 5.0.7.2)
|
||||||
rails-controller-testing
|
rails-controller-testing
|
||||||
rails-deprecated_sanitizer (~> 1.0.3)
|
|
||||||
rails-i18n (~> 5.1)
|
rails-i18n (~> 5.1)
|
||||||
rainbow (~> 3.0)
|
rainbow (~> 3.0)
|
||||||
raindrops (~> 0.18)
|
raindrops (~> 0.18)
|
||||||
|
|
|
@ -53,7 +53,7 @@ class Projects::BranchesController < Projects::ApplicationController
|
||||||
|
|
||||||
# rubocop: disable CodeReuse/ActiveRecord
|
# rubocop: disable CodeReuse/ActiveRecord
|
||||||
def create
|
def create
|
||||||
branch_name = sanitize(strip_tags(params[:branch_name]))
|
branch_name = strip_tags(sanitize(params[:branch_name]))
|
||||||
branch_name = Addressable::URI.unescape(branch_name)
|
branch_name = Addressable::URI.unescape(branch_name)
|
||||||
|
|
||||||
redirect_to_autodeploy = project.empty_repo? && project.deployment_platform.present?
|
redirect_to_autodeploy = project.empty_repo? && project.deployment_platform.present?
|
||||||
|
@ -122,7 +122,7 @@ class Projects::BranchesController < Projects::ApplicationController
|
||||||
|
|
||||||
def ref
|
def ref
|
||||||
if params[:ref]
|
if params[:ref]
|
||||||
ref_escaped = sanitize(strip_tags(params[:ref]))
|
ref_escaped = strip_tags(sanitize(params[:ref]))
|
||||||
Addressable::URI.unescape(ref_escaped)
|
Addressable::URI.unescape(ref_escaped)
|
||||||
else
|
else
|
||||||
@project.default_branch || 'master'
|
@project.default_branch || 'master'
|
||||||
|
|
|
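Review bot: In `create` and again in `ref`, the HTML sanitizers run before `Addressable::URI.unescape`, so percent-encoded characters in `params[:branch_name]` / `params[:ref]` are decoded only after `strip_tags(sanitize(...))` has finished, and the value leaving these lines is not the value that was sanitized. HTML sanitizing is also a poor fit for a ref name: the Loofah-based helpers that replace the deprecated gem may entity-encode characters such as `&`, which would silently change a legitimate branch name. I would decode first, validate against git ref-name rules rather than HTML rules, and escape at render time; at minimum add a comment such as `# NOTE: value is URI-unescaped after sanitizing; treat it as untrusted when rendering`. Both method bodies continue outside the hunks shown, so downstream validation may exist that is not visible here.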
@ -241,9 +241,7 @@ module MarkupHelper
|
||||||
node.remove if node.name == 'a' && node.content.blank?
|
node.remove if node.name == 'a' && node.content.blank?
|
||||||
end
|
end
|
||||||
|
|
||||||
# Use `Loofah` directly instead of `sanitize`
|
sanitize text, scrubber: scrubber
|
||||||
# as we still use the `rails-deprecated_sanitizer` gem
|
|
||||||
Loofah.fragment(text).scrub!(scrubber).to_s
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def markdown_toolbar_button(options = {})
|
def markdown_toolbar_button(options = {})
|
||||||
|
|
|
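Review bot: Switching to `sanitize text, scrubber: scrubber` changes the return type as well as the implementation: the Rails helper marks its result `html_safe`, while `Loofah.fragment(text).scrub!(scrubber).to_s` returned a plain String. As far as I know, passing `scrubber:` also replaces the default allow-list scrubber rather than adding to it, and the only rule visible in this hunk removes empty `a` nodes, so the output is trusted HTML that this method has not allow-listed. Please document that precondition above the call, e.g. `# text must already be sanitized HTML; the scrubber only prunes empty links and the result is html_safe`, and confirm every caller passes pipeline-sanitized markup. The enclosing method and the scrubber definition start above the hunk.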
@ -164,8 +164,6 @@ module Gitlab
|
||||||
# Version of your assets, change this if you want to expire all your assets
|
# Version of your assets, change this if you want to expire all your assets
|
||||||
config.assets.version = '1.0'
|
config.assets.version = '1.0'
|
||||||
|
|
||||||
config.action_view.sanitized_allowed_protocols = %w(smb)
|
|
||||||
|
|
||||||
# Can be removed once upgraded to Rails 5.1 or higher
|
# Can be removed once upgraded to Rails 5.1 or higher
|
||||||
config.action_controller.raise_on_unfiltered_parameters = true
|
config.action_controller.raise_on_unfiltered_parameters = true
|
||||||
|
|
||||||
|
|