diff options
| author | Stan Hu <stanhu@gmail.com> | 2016-06-25 03:38:13 +0000 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2016-06-25 03:38:13 +0000 |
| commit | 4c767bab58901e878b27a008b1d4d644d107e388 (patch) | |
| tree | dbfbce72ed47f9ee9065c71639f6bddb6e40ad8a | |
| parent | f0ed8930f76bb1e8b340a867dfa240561e622aa6 (diff) | |
| parent | 7627cc19897d1ff8963fde37697e6dc5d32e51ba (diff) | |
| download | gitlab-ce-4c767bab58901e878b27a008b1d4d644d107e388.tar.gz | |
Merge branch 'issue_19096' into 'master'
Validate presence of essential params for diff rendering
## What does this MR do?
Check the presence of essential params before rendering diff content.
## Are there points in the code the reviewer needs to double check?
No
## Why was this MR needed?
To avoid the generated application error
## What are the relevant issue numbers?
#19096
## Screenshots (if relevant)
## Does this MR meet the acceptance criteria?
- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !4917
| -rw-r--r-- | app/controllers/projects/blob_controller.rb | 7 | ||||
| -rw-r--r-- | spec/controllers/projects/blob_controller_spec.rb | 40 |
2 files changed, 47 insertions, 0 deletions
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb index cd8b2911674..7599fec3cdf 100644 --- a/app/controllers/projects/blob_controller.rb +++ b/app/controllers/projects/blob_controller.rb @@ -16,6 +16,7 @@ class Projects::BlobController < Projects::ApplicationController before_action :from_merge_request, only: [:edit, :update] before_action :require_branch_head, only: [:edit, :update] before_action :editor_variables, except: [:show, :preview, :diff] + before_action :validate_diff_params, only: :diff def new commit unless @repository.empty? @@ -146,4 +147,10 @@ class Projects::BlobController < Projects::ApplicationController file_content_encoding: params[:encoding] } end + + def validate_diff_params + if [:since, :to, :offset].any? { |key| params[key].blank? } + render nothing: true + end + end end diff --git a/spec/controllers/projects/blob_controller_spec.rb b/spec/controllers/projects/blob_controller_spec.rb new file mode 100644 index 00000000000..9444a50b1ce --- /dev/null +++ b/spec/controllers/projects/blob_controller_spec.rb @@ -0,0 +1,40 @@ +require 'rails_helper' + +describe Projects::BlobController do + let(:project) { create(:project) } + let(:user) { create(:user) } + + before do + user = create(:user) + project.team << [user, :master] + + sign_in(user) + end + + describe 'GET diff' do + render_views + + def do_get(opts = {}) + params = { namespace_id: project.namespace.to_param, + project_id: project.to_param, + id: 'master/CHANGELOG' } + get :diff, params.merge(opts) + end + + context 'when essential params are missing' do + it 'renders nothing' do + do_get + + expect(response.body).to be_blank + end + end + + context 'when essential params are present' do + it 'renders the diff content' do + do_get(since: 1, to: 5, offset: 10) + + expect(response.body).to be_present + end + end + end +end |