Merge branch 'philipcunningham-use-sanitizable-in-settings-334653' into 'master'

Use new Sanitizable concern in ApplicationSetting See merge request gitlab-org/gitlab!69604

Merge branch 'philipcunningham-use-sanitizable-in-settings-334653' into 'master'
Use new Sanitizable concern in ApplicationSetting See merge request gitlab-org/gitlab!69604
34f92953 · Kushal Pandya · 73af7e1d · 42bba3a9 · 34f92953 · 34f92953
Commit 34f92953 authored Sep 08, 2021 by Kushal Pandya
3 changed files
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -6,6 +6,7 @@ class ApplicationSetting < ApplicationRecord
  include TokenAuthenticatable
  include ChronicDurationAttribute
  include IgnorableColumns
+  include Sanitizable
  ignore_columns %i[elasticsearch_shards elasticsearch_replicas], remove_with: '14.4', remove_after: '2021-09-22'
  ignore_column :seat_link_enabled, remove_with: '14.4', remove_after: '2021-09-22'
@@ -32,6 +33,8 @@ class ApplicationSetting < ApplicationRecord
  alias_attribute :instance_group_id, :instance_administrators_group_id
  alias_attribute :instance_administrators_group, :instance_group
+  sanitizes! :default_branch_name
  def self.kroki_formats_attributes
    {
      blockdiag: {
@@ -599,7 +602,7 @@ class ApplicationSetting < ApplicationRecord
  before_validation :ensure_uuid!
  before_validation :coerce_repository_storages_weighted, if: :repository_storages_weighted_changed?
-  before_validation :sanitize_default_branch_name
+  before_validation :normalize_default_branch_name
  before_save :ensure_runners_registration_token
  before_save :ensure_health_check_access_token
@@ -629,12 +632,8 @@ class ApplicationSetting < ApplicationRecord
    !!(sourcegraph_url =~ %r{\Ahttps://(www\.)?sourcegraph\.com})
  end
-  def sanitize_default_branch_name
+  def normalize_default_branch_name
-    self.default_branch_name = if default_branch_name.blank?
+    self.default_branch_name = default_branch_name.presence
-                                 nil
-                               else
-                                 Sanitize.fragment(self.default_branch_name)
-                               end
  end
  def instance_review_permitted?

--- a/app/views/admin/application_settings/_initial_branch_name.html.haml
+++ b/app/views/admin/application_settings/_initial_branch_name.html.haml
-= form_for @application_setting, url: general_admin_application_settings_path(anchor: 'js-default-branch-name'), html: { class: 'fieldset-form' } do |f|
+= form_for @application_setting, url: repository_admin_application_settings_path(anchor: 'js-default-branch-name'), html: { class: 'fieldset-form' } do |f|
  = form_errors(@application_setting)
  - fallback_branch_name = "<code>#{Gitlab::DefaultBranch.value}</code>"

--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -7,6 +7,8 @@ RSpec.describe ApplicationSetting do
  subject(:setting) { described_class.create_from_defaults }
+  it_behaves_like 'sanitizable', :application_setting, %i[default_branch_name]
  it { include(CacheableAttributes) }
  it { include(ApplicationSettingImplementation) }
  it { expect(described_class.current_without_cache).to eq(described_class.last) }