root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Fix errors deleting and creating branches with encoded slashes 

Closes #1804
This commit is contained in:
Stan Hu 2015-08-01 23:33:33 -07:00
parent bdb4288ab8
commit 208e07fe6f
3 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -1,6 +1,7 @@
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
v 7.14.0 (unreleased) v 7.14.0 (unreleased)
- Fix errors deleting and creating branches with encoded slashes (Stan Hu)
- Fix multi-line syntax highlighting (Stan Hu) - Fix multi-line syntax highlighting (Stan Hu)
- Fix network graph when branch name has single quotes (Stan Hu) - Fix network graph when branch name has single quotes (Stan Hu)
- Upgrade gitlab_git to version 7.2.6 to fix Error 500 when creating network graphs (Stan Hu) - Upgrade gitlab_git to version 7.2.6 to fix Error 500 when creating network graphs (Stan Hu)

7
app/controllers/projects/branches_controller.rb
View File

@ -17,7 +17,9 @@ class Projects::BranchesController < Projects::ApplicationController
def create def create
branch_name = sanitize(strip_tags(params[:branch_name])) branch_name = sanitize(strip_tags(params[:branch_name]))
branch_name = Addressable::URI.unescape(branch_name)
ref = sanitize(strip_tags(params[:ref])) ref = sanitize(strip_tags(params[:ref]))
ref = Addressable::URI.unescape(ref)
result = CreateBranchService.new(project, current_user). result = CreateBranchService.new(project, current_user).
execute(branch_name, ref) execute(branch_name, ref)
@ -32,9 +34,8 @@ class Projects::BranchesController < Projects::ApplicationController
end end
def destroy def destroy
status = DeleteBranchService.new(project, current_user).execute(params[:id]) @branch_name = Addressable::URI.unescape(params[:id])
@branch_name = params[:id] status = DeleteBranchService.new(project, current_user).execute(@branch_name)
respond_to do |format| respond_to do |format|
format.html do format.html do
redirect_to namespace_project_branches_path(@project.namespace, redirect_to namespace_project_branches_path(@project.namespace,

20
spec/controllers/branches_controller_spec.rb
View File

@ -54,6 +54,13 @@ describe Projects::BranchesController do
let(:ref) { "<script>alert('ref');</script>" } let(:ref) { "<script>alert('ref');</script>" }
it { is_expected.to render_template('new') } it { is_expected.to render_template('new') }
end end
context "valid branch name with encoded slashes" do
let(:branch) { "feature%2Ftest" }
let(:ref) { "<script>alert('ref');</script>" }
it { is_expected.to render_template('new') }
it { project.repository.branch_names.include?('feature/test')}
end
end end
describe "POST destroy" do describe "POST destroy" do
@ -74,6 +81,19 @@ describe Projects::BranchesController do
it { expect(subject).to render_template('destroy') } it { expect(subject).to render_template('destroy') }
end end
context "valid branch name with unencoded slashes" do
let(:branch) { "improve/awesome" }
it { expect(response.status).to eq(200) }
it { expect(subject).to render_template('destroy') }
end
context "valid branch name with encoded slashes" do
let(:branch) { "improve%2Fawesome" }
it { expect(response.status).to eq(200) }
it { expect(subject).to render_template('destroy') }
end
context "invalid branch name, valid ref" do context "invalid branch name, valid ref" do
let(:branch) { "no-branch" } let(:branch) { "no-branch" }