diff options
author | Robert Speicher <robert@gitlab.com> | 2016-01-18 17:31:32 +0000 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-01-18 12:38:42 -0500 |
commit | 0b7e1e9eb289ef477ce443f267a410eb4355ab66 (patch) | |
tree | a2c248341121ae6e3ad3b29ac0c4d4d56c120c77 /config | |
parent | 99b339497af7b76b10133f335981c6d9114bb3ee (diff) | |
download | gitlab-ce-0b7e1e9eb289ef477ce443f267a410eb4355ab66.tar.gz |
Merge branch 'fix-gravator-default-url' into 'master'
Ensure Gravatar host looks like an actual host
Solves #10243.
I've chosen to simplify the method that extracts the host: since we
only need the host, let's get rid of the path and thus get rid of the
escaping problems!
Unit tests should ensure that most of the cases are covered.
See merge request !2482
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/1_settings.rb | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index d625a909bf1..04a7c16ebde 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -9,13 +9,8 @@ class Settings < Settingslogic gitlab.port.to_i == (gitlab.https ? 443 : 80) end - # get host without www, thanks to http://stackoverflow.com/a/6674363/1233435 - def get_host_without_www(url) - url = CGI.escape(url) - uri = URI.parse(url) - uri = URI.parse("http://#{url}") if uri.scheme.nil? - host = uri.host.downcase - host.start_with?('www.') ? host[4..-1] : host + def host_without_www(url) + host(url).sub('www.', '') end def build_gitlab_ci_url @@ -87,6 +82,17 @@ class Settings < Settingslogic custom_port ] end + + # Extract the host part of the given +url+. + def host(url) + url = url.downcase + url = "http://#{url}" unless url.start_with?('http') + + # Get rid of the path so that we don't even have to encode it + url_without_path = url.sub(%r{(https?://[^\/]+)/?.*}, '\1') + + URI.parse(url_without_path).host + end end end @@ -228,7 +234,7 @@ Settings['gravatar'] ||= Settingslogic.new({}) Settings.gravatar['enabled'] = true if Settings.gravatar['enabled'].nil? Settings.gravatar['plain_url'] ||= 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' Settings.gravatar['ssl_url'] ||= 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' -Settings.gravatar['host'] = Settings.get_host_without_www(Settings.gravatar['plain_url']) +Settings.gravatar['host'] = Settings.host_without_www(Settings.gravatar['plain_url']) # # Cron Jobs |