gitlab-org--gitlab-foss/app/services/projects/readme_renderer_service.rb

27 lines
712 B
Ruby

# frozen_string_literal: true
module Projects
class ReadmeRendererService < BaseService
include Rails.application.routes.url_helpers
TEMPLATE_PATH = Rails.root.join('app', 'views', 'projects', 'readme_templates')
def execute
render(params[:template_name] || :default)
end
private
def render(template_name)
ERB.new(File.read(sanitized_filename(template_name)), trim_mode: '<>').result(binding)
end
def sanitized_filename(template_name)
path = Gitlab::Utils.check_path_traversal!("#{template_name}.md.tt")
path = TEMPLATE_PATH.join(path).to_s
Gitlab::Utils.check_allowed_absolute_path!(path, [TEMPLATE_PATH.to_s])
path
end
end
end