author | Zeger-Jan van de Weg <zegerjan@gitlab.com> | 2016-05-11 08:47:04 +0200 |
---|---|---|
committer | Zeger-Jan van de Weg <zegerjan@gitlab.com> | 2016-05-11 08:47:04 +0200 |
commit | 7e6dcf9cd0626c6d0cbbe96ae5327048d2c6849f (patch) | |
tree | 33f22befc61e52178098bf77e57bba7a96aaae86 /app/helpers/issues_helper.rb | |
parent | dccf8a9fc8d4dde91942944f6b47387bfb13c380 (diff) | |
parent | 98d8e3fe9ff4d120469378490c41381ae751597e (diff) | |
download | gitlab-ce-7e6dcf9cd0626c6d0cbbe96ae5327048d2c6849f.tar.gz |
Merge branch 'master' into awardables
Diffstat (limited to 'app/helpers/issues_helper.rb')
-rw-r--r-- | app/helpers/issues_helper.rb | 60 |
1 files changed, 45 insertions, 15 deletions
diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb
index ac6c6fb25bb..0ea712c8266 100644
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -16,31 +16,49 @@ module IssuesHelper
 def url_for_project_issues(project = @project, options = {})
 return '' if project.nil?

- if options[:only_path]
- project.issues_tracker.project_path
- else
- project.issues_tracker.project_url
- end
+ url =
+ if options[:only_path]
+ project.issues_tracker.project_path
+ else
+ project.issues_tracker.project_url
+ end
+
+ # Ensure we return a valid URL to prevent possible XSS.
+ URI.parse(url).to_s
+ rescue URI::InvalidURIError
+ ''
 end

 def url_for_new_issue(project = @project, options = {})
 return '' if project.nil?

- if options[:only_path]
- project.issues_tracker.new_issue_path
- else
- project.issues_tracker.new_issue_url
- end
+ url =
+ if options[:only_path]
+ project.issues_tracker.new_issue_path
+ else
+ project.issues_tracker.new_issue_url
+ end
+
+ # Ensure we return a valid URL to prevent possible XSS.
+ URI.parse(url).to_s
+ rescue URI::InvalidURIError
+ ''
 end

 def url_for_issue(issue_iid, project = @project, options = {})
 return '' if project.nil?

- if options[:only_path]
- project.issues_tracker.issue_path(issue_iid)
- else
- project.issues_tracker.issue_url(issue_iid)
- end
+ url =
+ if options[:only_path]
+ project.issues_tracker.issue_path(issue_iid)
+ else
+ project.issues_tracker.issue_url(issue_iid)
+ end
+
+ # Ensure we return a valid URL to prevent possible XSS.
+ URI.parse(url).to_s
+ rescue URI::InvalidURIError
+ ''
 end

 def bulk_update_milestone_options
@@ -170,6 +188,18 @@ module IssuesHelper
 end.to_h
 end

+ def due_date_options
+ options = [
+ Issue::AnyDueDate,
+ Issue::NoDueDate,
+ Issue::DueThisWeek,
+ Issue::DueThisMonth,
+ Issue::Overdue
+ ]
+
+ options_from_collection_for_select(options, 'name', 'title', params[:due_date])
+ end
+
 # Required for Banzai::Filter::IssueReferenceFilter
 module_function :url_for_issue
 end |
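Review bot: In all three helpers of the first hunk (`url_for_project_issues`, `url_for_new_issue`, `url_for_issue`) the new `URI.parse(url).to_s` only checks that the string is syntactically a URI, so the comment's "prevent possible XSS" promises more than the code enforces: a well-formed value with a script-capable scheme such as `javascript:` parses without error and is returned unchanged. If the tracker URL can be set by a project member (the comment suggests it is treated as untrusted, but the tracker classes are not visible here), keep the parsed object and allow only relative paths and web schemes, e.g. `uri = URI.parse(url)` followed by `uri.scheme.nil? || %w[http https].include?(uri.scheme.downcase) ? uri.to_s : ''`. The same parse-and-rescue pattern is repeated three times, so a single shared helper would keep the check in one place. Because `url_for_issue` is exported through `module_function`, that helper would have to be callable from the module-level copy as well.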