Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
d028863e
Commit
d028863e
authored
May 04, 2016
by
Felipe Artur
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Sanitize milestones and label titles
parent
fad7b392
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
27 additions
and
1 deletion
+27
-1
app/models/label.rb
app/models/label.rb
+5
-0
app/models/milestone.rb
app/models/milestone.rb
+5
-0
spec/lib/banzai/filter/milestone_reference_filter_spec.rb
spec/lib/banzai/filter/milestone_reference_filter_spec.rb
+1
-1
spec/models/label_spec.rb
spec/models/label_spec.rb
+8
-0
spec/models/milestone_spec.rb
spec/models/milestone_spec.rb
+8
-0
No files found.
app/models/label.rb
View file @
d028863e
...
...
@@ -117,6 +117,11 @@ class Label < ActiveRecord::Base
LabelsHelper
::
text_color_for_bg
(
self
.
color
)
end
def
title
=
value
value
=
Sanitize
.
clean
(
value
.
to_s
)
if
value
write_attribute
(
:title
,
Sanitize
.
clean
(
value
))
end
private
def
label_format_reference
(
format
=
:id
)
...
...
app/models/milestone.rb
View file @
d028863e
...
...
@@ -129,6 +129,11 @@ class Milestone < ActiveRecord::Base
nil
end
def
title
=
value
value
=
Sanitize
.
clean
(
value
.
to_s
)
if
value
write_attribute
(
:title
,
value
)
end
# Sorts the issues for the given IDs.
#
# This method runs a single SQL query using a CASE statement to update the
...
...
spec/lib/banzai/filter/milestone_reference_filter_spec.rb
View file @
d028863e
...
...
@@ -43,7 +43,7 @@ describe Banzai::Filter::MilestoneReferenceFilter, lib: true do
milestone
.
update_attribute
(
:title
,
%{"></a>whatever<a title="}
)
doc
=
reference_filter
(
"milestone
#{
reference
}
"
)
expect
(
doc
.
text
).
to
eq
"milestone
#{
milestone
.
title
}
"
expect
(
doc
.
text
).
to
eq
"milestone
\"
>whatever
"
end
it
'includes default classes'
do
...
...
spec/models/label_spec.rb
View file @
d028863e
...
...
@@ -55,6 +55,14 @@ describe Label, models: true do
end
end
describe
"#title"
do
let
(
:label
)
{
create
(
:label
,
title:
"<b>test</b>"
)
}
it
"sanitizes title"
do
expect
(
label
.
title
).
to
eq
(
"test"
)
end
end
describe
'#to_reference'
do
context
'using id'
do
it
'returns a String reference to the object'
do
...
...
spec/models/milestone_spec.rb
View file @
d028863e
...
...
@@ -34,6 +34,14 @@ describe Milestone, models: true do
let
(
:issue
)
{
create
(
:issue
)
}
let
(
:user
)
{
create
(
:user
)
}
describe
"#title"
do
let
(
:milestone
)
{
create
(
:milestone
,
title:
"<b>test</b>"
)
}
it
"sanitizes title"
do
expect
(
milestone
.
title
).
to
eq
(
"test"
)
end
end
describe
"unique milestone title per project"
do
it
"shouldn't accept the same title in a project twice"
do
new_milestone
=
Milestone
.
new
(
project:
milestone
.
project
,
title:
milestone
.
title
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment