Fix errors deleting and creating branches with encoded slashes

Closes #1804

Fix errors deleting and creating branches with encoded slashes
Closes #1804
208e07fe · Stan Hu · bdb4288a · 208e07fe · 208e07fe · 208e07fe
Commit 208e07fe authored Aug 01, 2015 by Stan Hu
3 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
 Please view this file on the master branch, on stable branches it's out of date.

 v 7.14.0 (unreleased)
+  - Fix errors deleting and creating branches with encoded slashes (Stan Hu)
  - Fix multi-line syntax highlighting (Stan Hu)
  - Fix network graph when branch name has single quotes (Stan Hu)
  - Upgrade gitlab_git to version 7.2.6 to fix Error 500 when creating network graphs (Stan Hu)

--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -17,7 +17,9 @@ class Projects::BranchesController < Projects::ApplicationController

  def create
    branch_name = sanitize(strip_tags(params[:branch_name]))
+    branch_name = Addressable::URI.unescape(branch_name)
    ref = sanitize(strip_tags(params[:ref]))
+    ref = Addressable::URI.unescape(ref)
    result = CreateBranchService.new(project, current_user).
        execute(branch_name, ref)

@@ -32,9 +34,8 @@ class Projects::BranchesController < Projects::ApplicationController
  end

  def destroy
-    status = DeleteBranchService.new(project, current_user).execute(params[:id])
-    @branch_name = params[:id]
-
+    @branch_name = Addressable::URI.unescape(params[:id])
+    status = DeleteBranchService.new(project, current_user).execute(@branch_name)
    respond_to do |format|
      format.html do
        redirect_to namespace_project_branches_path(@project.namespace,

--- a/spec/controllers/branches_controller_spec.rb
+++ b/spec/controllers/branches_controller_spec.rb
@@ -54,6 +54,13 @@ describe Projects::BranchesController do
      let(:ref) { "<script>alert('ref');</script>" }
      it { is_expected.to render_template('new') }
    end
+
+    context "valid branch name with encoded slashes" do
+      let(:branch) { "feature%2Ftest" }
+      let(:ref) { "<script>alert('ref');</script>" }
+      it { is_expected.to render_template('new') }
+      it { project.repository.branch_names.include?('feature/test')}
+    end
  end

  describe "POST destroy" do
@@ -74,6 +81,19 @@ describe Projects::BranchesController do
      it { expect(subject).to render_template('destroy') }
    end

+    context "valid branch name with unencoded slashes" do
+      let(:branch) { "improve/awesome" }
+
+      it { expect(response.status).to eq(200) }
+      it { expect(subject).to render_template('destroy') }
+    end
+
+    context "valid branch name with encoded slashes" do
+      let(:branch) { "improve%2Fawesome" }
+
+      it { expect(response.status).to eq(200) }
+      it { expect(subject).to render_template('destroy') }
+    end
    context "invalid branch name, valid ref" do
      let(:branch) { "no-branch" }