Commit 4bc4f065 authored May 08, 2016 by Robert Speicher
Merge branch 'escape-commit-titles' into 'master'

Escape HTML in commit titles in system note messages

Closes #17348

See merge request !4084
parents 4a47470f adf9a518
Showing 3 changed files with 15 additions and 1 deletion
CHANGELOG +1 -0
app/services/system_note_service.rb +5 -1
spec/services/system_note_service_spec.rb +9 -0
CHANGELOG
...
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
...
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.8.0 (unreleased)
v 8.8.0 (unreleased)
- Assign labels and milestone to target project when moving issue. !3934 (Long Nguyen)
- Assign labels and milestone to target project when moving issue. !3934 (Long Nguyen)
- Project#open_branches has been cleaned up and no longer loads entire records into memory.
- Project#open_branches has been cleaned up and no longer loads entire records into memory.
- Escape HTML in commit titles in system note messages
- Log to application.log when an admin starts and stops impersonating a user
- Log to application.log when an admin starts and stops impersonating a user
- Updated gitlab_git to 10.1.0
- Updated gitlab_git to 10.1.0
- GitAccess#protected_tag? no longer loads all tags just to check if a single one exists
- GitAccess#protected_tag? no longer loads all tags just to check if a single one exists
...
...
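Review bot: The new CHANGELOG entry, "Escape HTML in commit titles in system note messages", carries no merge request reference, while the entry two lines above it cites "!3934". Appending "!4084", the merge request named in the commit message, would let someone tracing this escaping fix find the discussion and the linked issue from the changelog alone.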
app/services/system_note_service.rb
...
@@ -351,7 +351,7 @@ class SystemNoteService
...
@@ -351,7 +351,7 @@ class SystemNoteService
# Returns an Array of Strings
# Returns an Array of Strings
def
self
.
new_commit_summary
(
new_commits
)
def
self
.
new_commit_summary
(
new_commits
)
new_commits
.
collect
do
|
commit
|
new_commits
.
collect
do
|
commit
|
"*
#{
commit
.
short_id
}
-
#{
commit
.
title
}
"
"*
#{
commit
.
short_id
}
-
#{
escape_html
(
commit
.
title
)
}
"
end
end
end
end
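Review bot: In new_commit_summary the escaping is applied while the note string is being built, so only notes created after this change carry an escaped title; summaries already stored with a raw commit.title are not covered by this hunk and would need a render-time sanitizer or a data migration. It is also worth confirming that whatever renders the note body does not escape a second time, since a title containing "&" would then show up as a literal "&amp;". A short comment on the interpolation saying that commit.title is user-controlled would help keep the escape_html call from being dropped in a later refactor.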
...
@@ -433,4 +433,8 @@ class SystemNoteService
...
@@ -433,4 +433,8 @@ class SystemNoteService
body
=
"Moved
#{
direction
}
#{
cross_reference
}
"
body
=
"Moved
#{
direction
}
#{
cross_reference
}
"
create_note
(
noteable:
noteable
,
project:
project
,
author:
author
,
note:
body
)
create_note
(
noteable:
noteable
,
project:
project
,
author:
author
,
note:
body
)
end
end
def
self
.
escape_html
(
text
)
Rack
::
Utils
.
escape_html
(
text
)
end
end
end
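Review bot: The added self.escape_html at the end of the class has no comment and is defined as a public class method, whereas new_commit_summary in the previous hunk documents its return value. Since the method only forwards to Rack::Utils.escape_html, either call that directly at the interpolation site or hide the wrapper with private_class_method :escape_html, and add a one-line comment stating that it is meant for user-controlled text placed into note bodies.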
spec/services/system_note_service_spec.rb
...
@@ -506,6 +506,15 @@ describe SystemNoteService, services: true do
...
@@ -506,6 +506,15 @@ describe SystemNoteService, services: true do
end
end
end
end
describe
'.new_commit_summary'
do
it
'escapes HTML titles'
do
commit
=
double
(
title:
'<pre>This is a test</pre>'
,
short_id:
'12345678'
)
escaped
=
'* 12345678 - <pre>This is a test</pre>'
expect
(
described_class
.
new_commit_summary
([
commit
])).
to
eq
([
escaped
])
end
end
include
JiraServiceHelper
include
JiraServiceHelper
describe
'JIRA integration'
do
describe
'JIRA integration'
do
...
...
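Review bot: The 'escapes HTML titles' example only proves anything if the escaped literal holds the entity-encoded form; as rendered on this page it reads '* 12345678 - <pre>This is a test</pre>', which is identical to the raw title, so the assertion would pass only when no escaping happens. The expected value should be the encoded string ("&lt;pre&gt;This is a test&lt;/pre&gt;" after the short id). The example also covers a single tag pair; adding a title containing "&" and quote characters, and one with no special characters, would pin down the full behaviour of new_commit_summary.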