Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce

6 files changed, 14 insertions, 16 deletions

diff --git a/app/assets/javascripts/merge_request_widget.js.coffee b/app/assets/javascripts/merge_request_widget.js.coffee
index 17a5a057a94..f58647988a2 100644
--- a/app/assets/javascripts/merge_request_widget.js.coffee
+++ b/app/assets/javascripts/merge_request_widget.js.coffee
@@ -9,11 +9,12 @@ class @MergeRequestWidget
   constructor: (@opts) ->
     $('#modal_merge_info').modal(show: false)
     @firstCICheck = true
-    @readyForCICheck = true
+    @readyForCICheck = false
     clearInterval @fetchBuildStatusInterval
 
     @clearEventListeners()
     @addEventListeners()
+    @getCIStatus(false)
     @pollCIStatus()
     notifyPermissions()
 
@@ -71,7 +72,7 @@ class @MergeRequestWidget
       if data.status is ''
         return
 
-      if @firstCiCheck || data.status isnt @opts.ci_status and data.status?
+      if @firstCICheck || data.status isnt @opts.ci_status and data.status?
         @opts.ci_status = data.status
         @showCIStatus data.status
         if data.coverage
@@ -79,7 +80,7 @@ class @MergeRequestWidget
 
         # The first check should only update the UI, a notification
         # should only be displayed on status changes
-        if showNotification and not @firstCiCheck
+        if showNotification and not @firstCICheck
           status = @ciLabelForStatus(data.status)
 
           if status is "preparing"
@@ -102,7 +103,7 @@ class @MergeRequestWidget
               @close()
               Turbolinks.visit _this.opts.builds_path
           )
-        @firstCiCheck = false
+        @firstCICheck = false
 
   showCIStatus: (state) ->
     $('.ci_widget').hide()
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index 474c6f27374..93241b3afb7 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -131,7 +131,7 @@ module BlobHelper
   # elements and attributes. Note that this whitelist is by no means complete
   # and may omit some elements.
   def sanitize_svg(blob)
-    blob.data = Loofah.scrub_fragment(blob.data, :strip).to_xml
+    blob.data = Gitlab::Sanitizers::SVG.clean(blob.data)
     blob
   end
 
diff --git a/app/models/project.rb b/app/models/project.rb
index dfd1e54ecf7..05e14185a3e 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -10,7 +10,6 @@
 #  updated_at                   :datetime
 #  creator_id                   :integer
 #  issues_enabled               :boolean          default(TRUE), not null
-#  wall_enabled                 :boolean          default(TRUE), not null
 #  merge_requests_enabled       :boolean          default(TRUE), not null
 #  wiki_enabled                 :boolean          default(TRUE), not null
 #  namespace_id                 :integer
@@ -67,7 +66,6 @@ class Project < ActiveRecord::Base
   default_value_for :merge_requests_enabled, gitlab_config_features.merge_requests
   default_value_for :builds_enabled, gitlab_config_features.builds
   default_value_for :wiki_enabled, gitlab_config_features.wiki
-  default_value_for :wall_enabled, false
   default_value_for :snippets_enabled, gitlab_config_features.snippets
   default_value_for(:shared_runners_enabled) { current_application_settings.shared_runners_enabled }
 
@@ -767,7 +765,7 @@ class Project < ActiveRecord::Base
 
   # Check if current branch name is marked as protected in the system
   def protected_branch?(branch_name)
-    protected_branches.where(name: branch_name).any?
+    protected_branch_names.include?(branch_name)
   end
 
   def developers_can_push_to_protected_branch?(branch_name)
diff --git a/app/models/project_wiki.rb b/app/models/project_wiki.rb
index 7c1a61bb0bf..c91cb70ae25 100644
--- a/app/models/project_wiki.rb
+++ b/app/models/project_wiki.rb
@@ -40,7 +40,7 @@ class ProjectWiki
   end
 
   def wiki_base_path
-    ["/", @project.path_with_namespace, "/wikis"].join('')
+    [Gitlab.config.gitlab.url, "/", @project.path_with_namespace, "/wikis"].join('')
   end
 
   # Returns the Gollum::Wiki object.
diff --git a/app/services/system_note_service.rb b/app/services/system_note_service.rb
index 82a0e2fd1f5..4bdb1b0c074 100644
--- a/app/services/system_note_service.rb
+++ b/app/services/system_note_service.rb
@@ -351,7 +351,7 @@ class SystemNoteService
   # Returns an Array of Strings
   def self.new_commit_summary(new_commits)
     new_commits.collect do |commit|
-      "* #{commit.short_id} - #{commit.title}"
+      "* #{commit.short_id} - #{escape_html(commit.title)}"
     end
   end
 
@@ -433,4 +433,8 @@ class SystemNoteService
     body = "Moved #{direction} #{cross_reference}"
     create_note(noteable: noteable, project: project, author: author, note: body)
   end
+
+  def self.escape_html(text)
+    Rack::Utils.escape_html(text)
+  end
 end
diff --git a/app/views/projects/merge_requests/widget/_heading.html.haml b/app/views/projects/merge_requests/widget/_heading.html.haml
index 2ec0d20a879..4d381754610 100644
--- a/app/views/projects/merge_requests/widget/_heading.html.haml
+++ b/app/views/projects/merge_requests/widget/_heading.html.haml
@@ -41,9 +41,4 @@
 
     .ci_widget.ci-error{style: "display:none"}
       = icon("times-circle")
-      Could not connect to the CI server. Please check your settings and try again.
-
-  :javascript
-    $(function() {
-      merge_request_widget.getCIStatus(false);
-    });
+      Could not connect to the CI server. Please check your settings and try again.
\ No newline at end of file