Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/lib/utils/url_utility.js | 24 | ||||
-rw-r--r-- | app/assets/javascripts/releases/components/app_edit_new.vue | 9 | ||||
-rw-r--r-- | app/models/audit_event.rb | 11 | ||||
-rw-r--r-- | app/services/feature_flags/base_service.rb | 6 | ||||
-rw-r--r-- | app/services/feature_flags/create_service.rb | 3 | ||||
-rw-r--r-- | app/services/feature_flags/destroy_service.rb | 2 | ||||
-rw-r--r-- | app/services/feature_flags/update_service.rb | 12 |
7 files changed, 54 insertions, 13 deletions
diff --git a/app/assets/javascripts/lib/utils/url_utility.js b/app/assets/javascripts/lib/utils/url_utility.js index 48abc072675..d68b41b7f7a 100644 --- a/app/assets/javascripts/lib/utils/url_utility.js +++ b/app/assets/javascripts/lib/utils/url_utility.js @@ -545,3 +545,27 @@ export function getURLOrigin(url) { return null; } } + +/** + * Returns `true` if the given `url` resolves to the same origin the page is served + * from; otherwise, returns `false`. + * + * The `url` may be absolute or relative. + * + * @param {string} url The URL to check. + * @returns {boolean} + */ +export function isSameOriginUrl(url) { + if (typeof url !== 'string') { + return false; + } + + const { origin } = window.location; + + try { + return new URL(url, origin).origin === origin; + } catch { + // Invalid URLs cannot have the same origin + return false; + } +} diff --git a/app/assets/javascripts/releases/components/app_edit_new.vue b/app/assets/javascripts/releases/components/app_edit_new.vue index aecd0d6371e..3774f97a060 100644 --- a/app/assets/javascripts/releases/components/app_edit_new.vue +++ b/app/assets/javascripts/releases/components/app_edit_new.vue @@ -2,6 +2,7 @@ import { GlButton, GlFormInput, GlFormGroup, GlSprintf } from '@gitlab/ui'; import { mapState, mapActions, mapGetters } from 'vuex'; import { getParameterByName } from '~/lib/utils/common_utils'; +import { isSameOriginUrl } from '~/lib/utils/url_utility'; import { __ } from '~/locale'; import MilestoneCombobox from '~/milestones/components/milestone_combobox.vue'; import { BACK_URL_PARAM } from '~/releases/constants'; @@ -65,7 +66,13 @@ export default { }, }, cancelPath() { - return getParameterByName(BACK_URL_PARAM) || this.releasesPagePath; + const backUrl = getParameterByName(BACK_URL_PARAM); + + if (isSameOriginUrl(backUrl)) { + return backUrl; + } + + return this.releasesPagePath; }, saveButtonLabel() { return this.isExistingRelease ? __('Save changes') : __('Create release'); 
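Review bot: `isSameOriginUrl('')` returns `true`, because `new URL('', origin)` resolves to the base URL itself, and the new `cancelPath()` in app_edit_new.vue then returns that empty string where the old `getParameterByName(BACK_URL_PARAM) || this.releasesPagePath` fell back to the releases page. If `getParameterByName` can return an empty string for a present-but-empty parameter (its body is not shown here), the Cancel link loses its target. Guarding in the caller keeps the old fallback: `if (backUrl && isSameOriginUrl(backUrl)) {`. The docstring could also state that URLs with an opaque origin, such as `javascript:` or `data:`, are rejected because their `origin` never equals `window.location.origin`.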
diff --git a/app/models/audit_event.rb b/app/models/audit_event.rb index aff7eef4622..11036b76fc1 100644 --- a/app/models/audit_event.rb +++ b/app/models/audit_event.rb @@ -32,6 +32,9 @@ class AuditEvent < ApplicationRecord scope :by_author_id, -> (author_id) { where(author_id: author_id) } after_initialize :initialize_details + + before_validation :sanitize_message + # Note: The intention is to remove this once refactoring of AuditEvent # has proceeded further. # @@ -83,6 +86,14 @@ class AuditEvent < ApplicationRecord private + def sanitize_message + message = details[:custom_message] + + return unless message + + self.details = details.merge(custom_message: Sanitize.clean(message)) + end + def default_author_value ::Gitlab::Audit::NullAuthor.for(author_id, (self[:author_name] || details[:author_name])) end diff --git a/app/services/feature_flags/base_service.rb b/app/services/feature_flags/base_service.rb index f48f95e2550..d041703803b 100644 --- a/app/services/feature_flags/base_service.rb +++ b/app/services/feature_flags/base_service.rb @@ -49,9 +49,9 @@ module FeatureFlags end def created_scope_message(scope) - "Created rule <strong>#{scope.environment_scope}</strong> "\ - "and set it as <strong>#{scope.active ? "active" : "inactive"}</strong> "\ - "with strategies <strong>#{scope.strategies}</strong>." + "Created rule #{scope.environment_scope} "\ + "and set it as #{scope.active ? "active" : "inactive"} "\ + "with strategies #{scope.strategies}." end def feature_flag_by_name diff --git a/app/services/feature_flags/create_service.rb b/app/services/feature_flags/create_service.rb index de3a55d10fc..5c87af561d5 100644 --- a/app/services/feature_flags/create_service.rb +++ b/app/services/feature_flags/create_service.rb 
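Review bot: `sanitize_message` runs only as a `before_validation` callback, so any write that skips validations or callbacks (`save(validate: false)`, `update_column`, `insert_all`) stores `details[:custom_message]` unsanitized, and rows written before this change keep their markup. The view that renders the message should therefore still HTML-escape it rather than rely on the stored value being clean; whether it does is not visible in this diff. `Sanitize.clean` appears to expect a String, so a non-string `custom_message` would likely raise here; `Sanitize.clean(message.to_s)` avoids that. A short comment above the method, e.g. `# Strips HTML from details[:custom_message] before it is persisted; output must still be escaped when rendered.`, would record the intent.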
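Review bot: The values interpolated in `created_scope_message` (`scope.environment_scope`, `scope.strategies`) are now plain text, but assuming these messages are stored as `details[:custom_message]`, the `AuditEvent#sanitize_message` callback added in this same commit passes the whole string through `Sanitize.clean`, which entity-encodes characters such as `<`, `>` and `&`. If `scope.strategies` stringifies to something containing `=>` (its type is not visible here), the stored message will hold `=&gt;`, and any consumer that escapes on output will show the entity literally. The same applies to the `audit_message`, `changed_attributes_messages`, `deleted_scope_message` and `updated_scope_message` builders in create_service.rb, destroy_service.rb and update_service.rb. A spec that round-trips a flag name or description containing `>` or `&` through an audit event would pin the expected display.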
@@ -22,8 +22,7 @@ module FeatureFlags private def audit_message(feature_flag) - message_parts = ["Created feature flag <strong>#{feature_flag.name}</strong>", - "with description <strong>\"#{feature_flag.description}\"</strong>."] + message_parts = ["Created feature flag #{feature_flag.name} with description \"#{feature_flag.description}\"."] message_parts += feature_flag.scopes.map do |scope| created_scope_message(scope) diff --git a/app/services/feature_flags/destroy_service.rb b/app/services/feature_flags/destroy_service.rb index c77e3e03ec3..b131a349fc7 100644 --- a/app/services/feature_flags/destroy_service.rb +++ b/app/services/feature_flags/destroy_service.rb @@ -23,7 +23,7 @@ module FeatureFlags end def audit_message(feature_flag) - "Deleted feature flag <strong>#{feature_flag.name}</strong>." + "Deleted feature flag #{feature_flag.name}." end def can_destroy?(feature_flag) diff --git a/app/services/feature_flags/update_service.rb b/app/services/feature_flags/update_service.rb index d956d4b3357..f5ab6f4005b 100644 --- a/app/services/feature_flags/update_service.rb +++ b/app/services/feature_flags/update_service.rb @@ -45,14 +45,14 @@ module FeatureFlags return if changes.empty? - "Updated feature flag <strong>#{feature_flag.name}</strong>. " + changes.join(" ") + "Updated feature flag #{feature_flag.name}. " + changes.join(" ") end def changed_attributes_messages(feature_flag) feature_flag.changes.slice(*AUDITABLE_ATTRIBUTES).map do |attribute_name, changes| "Updated #{attribute_name} "\ - "from <strong>\"#{changes.first}\"</strong> to "\ - "<strong>\"#{changes.second}\"</strong>." + "from \"#{changes.first}\" to "\ + "\"#{changes.second}\"." end end 
@@ -69,17 +69,17 @@ module FeatureFlags end def deleted_scope_message(scope) - "Deleted rule <strong>#{scope.environment_scope}</strong>." + "Deleted rule #{scope.environment_scope}." end def updated_scope_message(scope) changes = scope.changes.slice(*AUDITABLE_SCOPE_ATTRIBUTES_HUMAN_NAMES.keys) return if changes.empty? - message = "Updated rule <strong>#{scope.environment_scope}</strong> " + message = "Updated rule #{scope.environment_scope} " message += changes.map do |attribute_name, change| name = AUDITABLE_SCOPE_ATTRIBUTES_HUMAN_NAMES[attribute_name] - "#{name} from <strong>#{change.first}</strong> to <strong>#{change.second}</strong>" + "#{name} from #{change.first} to #{change.second}" end.join(' ') message + '.' |