Add latest changes from gitlab-org/gitlab@master

2 files changed, 28 insertions, 1 deletions

diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index 153be58f8ad..c885369dfec 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -167,7 +167,7 @@ module Projects
     end
 
     def readme_content
-      @readme_template.presence || experiment(:new_project_readme_content, namespace: @project.namespace).run_with(@project)
+      @readme_template.presence || ReadmeRendererService.new(@project, current_user).execute
     end
 
     def skip_wiki?
diff --git a/app/services/projects/readme_renderer_service.rb b/app/services/projects/readme_renderer_service.rb
new file mode 100644
index 00000000000..6871976aded
--- /dev/null
+++ b/app/services/projects/readme_renderer_service.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Projects
+  class ReadmeRendererService < BaseService
+    include Rails.application.routes.url_helpers
+
+    TEMPLATE_PATH = Rails.root.join('app', 'views', 'projects', 'readme_templates')
+
+    def execute
+      render(params[:template_name] || :default)
+    end
+
+    private
+
+    def render(template_name)
+      ERB.new(File.read(sanitized_filename(template_name)), trim_mode: '<>').result(binding)
+    end
+
+    def sanitized_filename(template_name)
+      path = Gitlab::Utils.check_path_traversal!("#{template_name}.md.tt")
+      path = TEMPLATE_PATH.join(path).to_s
+      Gitlab::Utils.check_allowed_absolute_path!(path, [TEMPLATE_PATH.to_s])
+
+      path
+    end
+  end
+end