From ea6945b8113160f2009daa854e612eb009690a2a Mon Sep 17 00:00:00 2001 From: Michael Kozono Date: Mon, 25 Feb 2019 12:43:26 -0800 Subject: Revert "Merge branch 'sh-fix-cpp-templates-404' into 'master'" This reverts commit 4b282e9ce1ae246c4538b3ede18d1380ea778029, reversing changes made to b6f37434a7022be1be40c0d0519aea3ceca25ea5. --- changelogs/unreleased/sh-fix-cpp-templates-404.yml | 5 ---- lib/api/project_templates.rb | 5 +--- spec/requests/api/project_templates_spec.rb | 28 ---------------------- 3 files changed, 1 insertion(+), 37 deletions(-) delete mode 100644 changelogs/unreleased/sh-fix-cpp-templates-404.yml diff --git a/changelogs/unreleased/sh-fix-cpp-templates-404.yml b/changelogs/unreleased/sh-fix-cpp-templates-404.yml deleted file mode 100644 index ac958d84099..00000000000 --- a/changelogs/unreleased/sh-fix-cpp-templates-404.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix 404s when C++ .gitignore template selected -merge_request: 25416 -author: -type: fixed diff --git a/lib/api/project_templates.rb b/lib/api/project_templates.rb index 119902a189c..d05ddad7466 100644 --- a/lib/api/project_templates.rb +++ b/lib/api/project_templates.rb @@ -36,10 +36,7 @@ module API optional :project, type: String, desc: 'The project name to use when expanding placeholders in the template. Only affects licenses' optional :fullname, type: String, desc: 'The full name of the copyright holder to use when expanding placeholders in the template. Only affects licenses' end - # The regex is needed to ensure a period (e.g. agpl-3.0) - # isn't confused with a format type. We also need to allow encoded - # values (e.g. C%2B%2B for C++), so allow % and + as well. - get ':id/templates/:type/:name', requirements: { name: /[\w%.+-]+/ } do + get ':id/templates/:type/:name', requirements: { name: /[\w\.-]+/ } do template = TemplateFinder .build(params[:type], user_project, name: params[:name]) .execute diff --git a/spec/requests/api/project_templates_spec.rb b/spec/requests/api/project_templates_spec.rb index 80e5033dab4..ab5d4de7ff7 100644 --- a/spec/requests/api/project_templates_spec.rb +++ b/spec/requests/api/project_templates_spec.rb @@ -92,22 +92,6 @@ describe API::ProjectTemplates do expect(json_response['name']).to eq('Actionscript') end - it 'returns C++ gitignore' do - get api("/projects/#{public_project.id}/templates/gitignores/C++") - - expect(response).to have_gitlab_http_status(200) - expect(response).to match_response_schema('public_api/v4/template') - expect(json_response['name']).to eq('C++') - end - - it 'returns C++ gitignore for URL-encoded names' do - get api("/projects/#{public_project.id}/templates/gitignores/C%2B%2B") - - expect(response).to have_gitlab_http_status(200) - expect(response).to match_response_schema('public_api/v4/template') - expect(json_response['name']).to eq('C++') - end - it 'returns a specific gitlab_ci_yml' do get api("/projects/#{public_project.id}/templates/gitlab_ci_ymls/Android") @@ -141,18 +125,6 @@ describe API::ProjectTemplates do expect(response).to have_gitlab_http_status(200) expect(response).to match_response_schema('public_api/v4/license') end - - shared_examples 'path traversal attempt' do |template_type| - it 'rejects invalid filenames' do - get api("/projects/#{public_project.id}/templates/#{template_type}/%2e%2e%2fPython%2ea") - - expect(response).to have_gitlab_http_status(500) - end - end - - TemplateFinder::VENDORED_TEMPLATES.each do |template_type, _| - it_behaves_like 'path traversal attempt', template_type - end end describe 'GET /projects/:id/templates/licenses/:key' do -- cgit v1.2.1