Merge branch 'fix-quotes-in-branch' into 'master'

Fix commit data retrieval when branch name has single quotes

Quotes in ref names need to be escaped properly in JavaScript.

Closes #1724

See merge request !1046

CHANGELOG

@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
 
 v 7.14.0 (unreleased)
   - Fix URL used for refreshing notes if relative_url is present (Bartłomiej Święcki)
+  - Fix commit data retrieval when branch name has single quotes (Stan Hu)
   - Fix Error 500 when browsing projects with no HEAD (Stan Hu)
   - Add rake task 'gitlab:update_commit_count' (Daniel Gerhardt)
   - Fix full screen mode for snippet comments (Daniel Gerhardt)

app/controllers/projects/refs_controller.rb

 class Projects::RefsController < Projects::ApplicationController
   include ExtractsPath
+  include TreeHelper
 
   before_action :require_non_empty_project
   before_action :assign_ref_vars
@@ -60,6 +61,11 @@ class Projects::RefsController < Projects::ApplicationController
       }
     end
 
+    if @logs.present?
+      @log_url = namespace_project_tree_url(@project.namespace, @project, tree_join(@ref, @path || '/'))
+      @more_log_url = logs_file_namespace_project_ref_path(@project.namespace, @project, @ref, @path || '', offset: (@offset +  @limit))
+    end
+
     respond_to do |format|
       format.html { render_404 }
       format.js

app/views/projects/refs/logs_tree.js.haml

@@ -11,9 +11,11 @@
 - if @logs.present?
   :plain
     var current_url = location.href.replace(/\/?$/, '/');
-    var log_url = '#{namespace_project_tree_url(@project.namespace, @project, tree_join(@ref, @path || '/'))}'.replace(/\/?$/, '/');
+    var log_url = "#{escape_javascript(@log_url)}".replace(/\/?$/, '/');
+
     if(current_url == log_url) {
-      // Load 10 more commit log for each file in tree
+      // Load more commit logs for each file in tree
       // if we still on the same page
-      ajaxGet('#{logs_file_namespace_project_ref_path(@project.namespace, @project, @ref, @path || '', offset: (@offset +  @limit))}');
+      var url = "#{escape_javascript(@more_log_url)}";
+      ajaxGet(url);
     }

app/views/projects/tree/_tree.html.haml

@@ -49,5 +49,5 @@
 :javascript
   // Load last commit log for each file in tree
   $('#tree-slider').waitForImages(function() {
-    ajaxGet('#{@logs_path}');
+    ajaxGet("#{escape_javascript(@logs_path)}");
   });

features/project/source/browse_files.feature

@@ -158,3 +158,10 @@ Feature: Project Source Browse Files
     Given I visit project source page for "6d394385cf567f80a8fd85055db1ab4c5295806f"
     And I click on ".gitignore" file in repo
     Then I don't see the permalink link
+
+  @javascript
+  Scenario: I browse code with single quotes in the ref
+    Given I switch ref to 'test'
+    And I see the ref 'test' has been selected
+    And I visit the 'test' tree
+    Then I see the commit data

features/steps/project/source/browse_files.rb

@@ -193,6 +193,23 @@ class Spinach::Features::ProjectSourceBrowseFiles < Spinach::FeatureSteps
     FileUtils.rm_f(File.join(@project.repository.path, 'hooks', 'pre-receive'))
   end
 
+  step "I switch ref to 'test'" do
+    select "'test'", from: 'ref'
+  end
+
+  step "I see the ref 'test' has been selected" do
+    expect(page).to have_selector '.select2-chosen', text: "'test'"
+  end
+
+  step "I visit the 'test' tree" do
+    visit namespace_project_tree_path(@project.namespace, @project, "'test'")
+  end
+
+  step 'I see the commit data' do
+    expect(page).to have_css('.tree-commit-link', visible: true)
+    expect(page).not_to have_content('Loading commit data...')
+  end
+
   private
 
   def set_new_content

spec/support/test_env.rb

@@ -12,7 +12,8 @@ module TestEnv
     'fix'              => '12d65c8',
     'improve/awesome'  => '5937ac0',
     'markdown'         => '0ed8c6c',
-    'master'           => '5937ac0'
+    'master'           => '5937ac0',
+    "'test'"           => 'e56497b',
   }
 
   # gitlab-test-fork is a fork of gitlab-fork, but we don't necessarily