Skip to content

G
gitlab-ce
Commit 7627cc19 authored by Ruben Davila's avatar Ruben Davila
Browse files
Options

Validate presence of essential params for diff rendering 

This will avoid application errors generated by the assumption of the
presence of these params.
parent e6d87b39
Hide whitespace changes
Inline Side-by-side
Showing with 47 additions and 0 deletions
app/controllers/projects/blob_controller.rb
View file @ 7627cc19
......@@ -16,6 +16,7 @@ class Projects::BlobController < Projects::ApplicationController
before_action :from_merge_request, only: [:edit, :update]
before_action :require_branch_head, only: [:edit, :update]
before_action :editor_variables, except: [:show, :preview, :diff]
before_action :validate_diff_params, only: :diff
def new
commit unless @repository.empty?
......@@ -146,4 +147,10 @@ class Projects::BlobController < Projects::ApplicationController
file_content_encoding: params[:encoding]
}
end
def validate_diff_params
if [:since, :to, :offset].any? { |key| params[key].blank? }
render nothing: true
end
end
end
spec/controllers/projects/blob_controller_spec.rb 0 → 100644
View file @ 7627cc19
require 'rails_helper'
describe Projects::BlobController do
let(:project) { create(:project) }
let(:user) { create(:user) }
before do
user = create(:user)
project.team << [user, :master]
sign_in(user)
end
describe 'GET diff' do
render_views
def do_get(opts = {})
params = { namespace_id: project.namespace.to_param,
project_id: project.to_param,
id: 'master/CHANGELOG' }
get :diff, params.merge(opts)
end
context 'when essential params are missing' do
it 'renders nothing' do
do_get
expect(response.body).to be_blank
end
end
context 'when essential params are present' do
it 'renders the diff content' do
do_get(since: 1, to: 5, offset: 10)
expect(response.body).to be_present
end
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7