authorGitLab Bot <gitlab-bot@gitlab.com>2019-10-03 18:06:11 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2019-10-03 18:06:11 +0000
commit25521def84a6987fe9d4265b560e930bfb32c195 (patch)
tree711e001ea65f76a9c2eb034c4531bda325af84f3 /lib
parent9a1c5456747a7b5b218b8b44e4b43396bf7fd705 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
-rw-r--r--lib/banzai/filter/video_link_filter.rb23
-rw-r--r--lib/gitlab/middleware/read_only/controller.rb13
2 files changed, 19 insertions, 17 deletions
diff --git a/lib/banzai/filter/video_link_filter.rb b/lib/banzai/filter/video_link_filter.rb
index a35b0d7a0b5..0e329339474 100644
--- a/lib/banzai/filter/video_link_filter.rb
+++ b/lib/banzai/filter/video_link_filter.rb
@@ -8,8 +8,8 @@ module Banzai
# a "Download" link in the case the video cannot be played.
class VideoLinkFilter < HTML::Pipeline::Filter
def call
- doc.xpath(query).each do |el|
- el.replace(video_node(doc, el))
+ doc.xpath('descendant-or-self::img[not(ancestor::a)]').each do |el|
+ el.replace(video_node(doc, el)) if has_video_extension?(el)
end
doc
@@ -17,22 +17,13 @@ module Banzai
private
- def query
- @query ||= begin
- src_query = UploaderHelper::SAFE_VIDEO_EXT.map do |ext|
- "'.#{ext}' = substring(@src, string-length(@src) - #{ext.size})"
- end
+ def has_video_extension?(element)
+ src = element.attr('data-canonical-src').presence || element.attr('src')
- if context[:asset_proxy_enabled].present?
- src_query.concat(
- UploaderHelper::SAFE_VIDEO_EXT.map do |ext|
- "'.#{ext}' = substring(@data-canonical-src, string-length(@data-canonical-src) - #{ext.size})"
- end
- )
- end
+ return unless src.present?
- "descendant-or-self::img[not(ancestor::a) and (#{src_query.join(' or ')})]"
- end
+ src_ext = File.extname(src).sub('.', '').downcase
+ Gitlab::FileTypeDetection::SAFE_VIDEO_EXT.include?(src_ext)
end
def video_node(doc, element)
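Review bot: `has_video_extension?` prefers `data-canonical-src` whenever it is present, whereas the removed `query` only consulted that attribute when `context[:asset_proxy_enabled]` was set. If the attribute can reach this filter from author-supplied markup while the proxy is off (the sanitizer is not visible in this diff), the extension decision would be taken on one URL while `video_node`, whose body lies outside the hunk, may build the player from another. Either keep the gate, e.g. `src = element.attr('data-canonical-src').presence if context[:asset_proxy_enabled].present?` followed by `src ||= element.attr('src')`, or add a comment above the method stating why the attribute is trusted in both modes. The extension remains only a rendering hint and should not be read as validation of the linked content.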
diff --git a/lib/gitlab/middleware/read_only/controller.rb b/lib/gitlab/middleware/read_only/controller.rb
index 907e031a02e..b18f0eed1fa 100644
--- a/lib/gitlab/middleware/read_only/controller.rb
+++ b/lib/gitlab/middleware/read_only/controller.rb
@@ -20,6 +20,10 @@ module Gitlab
'projects/lfs_locks_api' => %w{verify create unlock}
}.freeze
+ WHITELISTED_GIT_REVISION_ROUTES = {
+ 'projects/compare' => %w{create}
+ }.freeze
+
GRAPHQL_URL = '/api/graphql'
def initialize(app, env)
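Review bot: `WHITELISTED_GIT_REVISION_ROUTES` has no comment explaining why `projects/compare#create` may pass while the instance is read-only. Each entry in this file is an exception to a write block, so the justification should sit next to it where a later reviewer will see it before adding more actions. A comment such as `# compare#create only resolves the submitted refs and redirects; it does not write` would do, provided that is what the controller does, which this diff does not show.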
@@ -81,7 +85,7 @@ module Gitlab
# Overridden in EE module
def whitelisted_routes
- grack_route? || internal_route? || lfs_route? || sidekiq_route? || graphql_query?
+ grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || graphql_query?
end
def grack_route?
@@ -96,6 +100,13 @@ module Gitlab
ReadOnly.internal_routes.any? { |path| request.path.include?(path) }
end
+ def compare_git_revisions_route?
+ # Calling route_hash may be expensive. Only do it if we think there's a possible match
+ return false unless request.post? && request.path.end_with?('compare')
+
+ WHITELISTED_GIT_REVISION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
+ end
+
def lfs_route?
# Calling route_hash may be expensive. Only do it if we think there's a possible match
unless request.path.end_with?('/info/lfs/objects/batch',
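Review bot: The pre-check in `compare_git_revisions_route?` tests `request.path.end_with?('compare')` without a leading slash, so a POST to any path that merely ends in those letters (for example a resource named `...compare`) goes on to the `route_hash` lookup. This is not a bypass, since the allow decision still rests on the controller and action from `route_hash`, but it is looser than the `'/info/lfs/objects/batch'` style used in `lfs_route?` just below, whose body continues outside the hunk. Assuming the route's path segment is exactly `compare`, `return false unless request.post? && request.path.end_with?('/compare')` keeps the cheap filter tight. It would also help to note in the comment that the method returns `nil` rather than `false` when the controller is not in the hash.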