diff options
author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-06-16 20:09:13 -0300 |
---|---|---|
committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-07-05 20:57:09 -0300 |
commit | e186626d25d5a24e2f2c5f0b5082b79bc8bd0ddf (patch) | |
tree | 05a9fe5ac36515ff1146418875daf9147a285d86 /app/models/label.rb | |
parent | cfd5870b62e9d76e564ffc64db1d1281b4a363bb (diff) | |
download | gitlab-ce-e186626d25d5a24e2f2c5f0b5082b79bc8bd0ddf.tar.gz |
Allow '?', or '&' for label titles
Diffstat (limited to 'app/models/label.rb')
-rw-r--r-- | app/models/label.rb | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/app/models/label.rb b/app/models/label.rb index 49c352cc239..115f38c6dfe 100644 --- a/app/models/label.rb +++ b/app/models/label.rb @@ -20,10 +20,10 @@ class Label < ActiveRecord::Base validates :color, color: true, allow_blank: false validates :project, presence: true, unless: Proc.new { |service| service.template? } - # Don't allow '?', '&', and ',' for label titles + # Don't allow ',' for label titles validates :title, presence: true, - format: { with: /\A[^&\?,]+\z/ }, + format: { with: /\A[^,]+\z/ }, uniqueness: { scope: :project_id } before_save :nullify_priority @@ -114,7 +114,7 @@ class Label < ActiveRecord::Base end def title=(value) - write_attribute(:title, Sanitize.clean(value.to_s)) if value.present? + write_attribute(:title, sanitize_title(value)) if value.present? end private @@ -132,4 +132,18 @@ class Label < ActiveRecord::Base def nullify_priority self.priority = nil if priority.blank? end + + def sanitize_title(value) + unnescape_html_entities(Sanitize.clean(value.to_s)) + end + + def unnescape_html_entities(value) + value.to_s.gsub(/(>)|(<)|(&)/, Label::TABLE_FOR_ESCAPE_HTML_ENTITIES.invert) + end + + TABLE_FOR_ESCAPE_HTML_ENTITIES = { + '&' => '&', + '<' => '<', + '>' => '>' + } end |