diff options
| author | Stan Hu <stanhu@gmail.com> | 2015-08-01 23:33:33 -0700 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2015-08-01 23:33:33 -0700 |
| commit | 208e07fe6f4f5954f01462be6d5b595ec8d2fedf (patch) | |
| tree | 3ff00259736ecaf6b5a07df7ec2119b4eafdba2c | |
| parent | bdb4288ab82bab14619fe817020e90e48a97e1d4 (diff) | |
| download | gitlab-ce-208e07fe6f4f5954f01462be6d5b595ec8d2fedf.tar.gz | |
Fix errors deleting and creating branches with encoded slashes
Closes #1804
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/controllers/projects/branches_controller.rb | 7 | ||||
| -rw-r--r-- | spec/controllers/branches_controller_spec.rb | 20 |
3 files changed, 25 insertions, 3 deletions
diff --git a/CHANGELOG b/CHANGELOG index 8dc23cf175f..493d6122b99 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 7.14.0 (unreleased) + - Fix errors deleting and creating branches with encoded slashes (Stan Hu) - Fix multi-line syntax highlighting (Stan Hu) - Fix network graph when branch name has single quotes (Stan Hu) - Upgrade gitlab_git to version 7.2.6 to fix Error 500 when creating network graphs (Stan Hu) diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb index 117ae3aaa3d..3ac0a75fa70 100644 --- a/app/controllers/projects/branches_controller.rb +++ b/app/controllers/projects/branches_controller.rb @@ -17,7 +17,9 @@ class Projects::BranchesController < Projects::ApplicationController def create branch_name = sanitize(strip_tags(params[:branch_name])) + branch_name = Addressable::URI.unescape(branch_name) ref = sanitize(strip_tags(params[:ref])) + ref = Addressable::URI.unescape(ref) result = CreateBranchService.new(project, current_user). execute(branch_name, ref) @@ -32,9 +34,8 @@ class Projects::BranchesController < Projects::ApplicationController end def destroy - status = DeleteBranchService.new(project, current_user).execute(params[:id]) - @branch_name = params[:id] - + @branch_name = Addressable::URI.unescape(params[:id]) + status = DeleteBranchService.new(project, current_user).execute(@branch_name) respond_to do |format| format.html do redirect_to namespace_project_branches_path(@project.namespace, diff --git a/spec/controllers/branches_controller_spec.rb b/spec/controllers/branches_controller_spec.rb index bd4c946b64b..8e06d4bdc77 100644 --- a/spec/controllers/branches_controller_spec.rb +++ b/spec/controllers/branches_controller_spec.rb @@ -54,6 +54,13 @@ describe Projects::BranchesController do let(:ref) { "<script>alert('ref');</script>" } it { is_expected.to render_template('new') } end + + context "valid branch name with encoded slashes" do + let(:branch) { "feature%2Ftest" } + let(:ref) { "<script>alert('ref');</script>" } + it { is_expected.to render_template('new') } + it { project.repository.branch_names.include?('feature/test')} + end end describe "POST destroy" do @@ -74,6 +81,19 @@ describe Projects::BranchesController do it { expect(subject).to render_template('destroy') } end + context "valid branch name with unencoded slashes" do + let(:branch) { "improve/awesome" } + + it { expect(response.status).to eq(200) } + it { expect(subject).to render_template('destroy') } + end + + context "valid branch name with encoded slashes" do + let(:branch) { "improve%2Fawesome" } + + it { expect(response.status).to eq(200) } + it { expect(subject).to render_template('destroy') } + end context "invalid branch name, valid ref" do let(:branch) { "no-branch" } |