From adf9a51899b02f7adc678dca7909201500f05026 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 7 May 2016 08:41:10 -0700 Subject: Escape HTML in commit titles in system note messages Closes #17348 --- app/services/system_note_service.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'app/services') diff --git a/app/services/system_note_service.rb b/app/services/system_note_service.rb index 82a0e2fd1f5..4bdb1b0c074 100644 --- a/app/services/system_note_service.rb +++ b/app/services/system_note_service.rb @@ -351,7 +351,7 @@ class SystemNoteService # Returns an Array of Strings def self.new_commit_summary(new_commits) new_commits.collect do |commit| - "* #{commit.short_id} - #{commit.title}" + "* #{commit.short_id} - #{escape_html(commit.title)}" end end @@ -433,4 +433,8 @@ class SystemNoteService body = "Moved #{direction} #{cross_reference}" create_note(noteable: noteable, project: project, author: author, note: body) end + + def self.escape_html(text) + Rack::Utils.escape_html(text) + end end -- cgit v1.2.1 From f2548f3f2b3dcd1c6ecbae20af28933f3ab88fdd Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Tue, 10 May 2016 22:07:13 -0700 Subject: Improve log message when a project is destroyed to include the namespace --- app/services/projects/destroy_service.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/services') diff --git a/app/services/projects/destroy_service.rb b/app/services/projects/destroy_service.rb index 19aab999e00..48a6131b444 100644 --- a/app/services/projects/destroy_service.rb +++ b/app/services/projects/destroy_service.rb @@ -35,7 +35,7 @@ module Projects end end - log_info("Project \"#{project.name}\" was removed") + log_info("Project \"#{project.path_with_namespace}\" was removed") system_hook_service.execute_hooks_for(project, :destroy) true end -- cgit v1.2.1 From f5a0ac0fc197bae2eb5fe1045ed237cdbbaf6ea4 Mon Sep 17 00:00:00 2001 From: Gabriel Mazetto Date: Tue, 10 May 2016 23:58:06 -0300 Subject: Codestyle: make sure we have space around operators --- app/services/merge_requests/build_service.rb | 2 +- app/services/system_hooks_service.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'app/services') diff --git a/app/services/merge_requests/build_service.rb b/app/services/merge_requests/build_service.rb index cd4230aa5e4..1b48899bb0a 100644 --- a/app/services/merge_requests/build_service.rb +++ b/app/services/merge_requests/build_service.rb @@ -66,7 +66,7 @@ module MergeRequests commits = merge_request.compare_commits if commits && commits.count == 1 commit = commits.first - merge_request.title = commit.title + merge_request.title = commit.title merge_request.description ||= commit.description.try(:strip) elsif iid && (issue = merge_request.target_project.get_issue(iid)) && !issue.try(:confidential?) case issue diff --git a/app/services/system_hooks_service.rb b/app/services/system_hooks_service.rb index e43b5b51e5b..1fb72cf89e9 100644 --- a/app/services/system_hooks_service.rb +++ b/app/services/system_hooks_service.rb @@ -85,7 +85,7 @@ class SystemHooksService path_with_namespace: model.path_with_namespace, project_id: model.id, owner_name: owner.name, - owner_email: owner.respond_to?(:email) ? owner.email : "", + owner_email: owner.respond_to?(:email) ? owner.email : "", project_visibility: Project.visibility_levels.key(model.visibility_level_field).downcase } end -- cgit v1.2.1