Commit 8e7661c2 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'redirect-host-check' into 'master'

Redirect host check

Fixes https://dev.gitlab.org/gitlab/gitlabhq/issues/2649

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/13956

See merge request !1945
parents a3b626bf 5352ec2e
...@@ -29,6 +29,7 @@ v 8.6.0 (unreleased) ...@@ -29,6 +29,7 @@ v 8.6.0 (unreleased)
- Add main language of a project in the list of projects (Tiago Botelho) - Add main language of a project in the list of projects (Tiago Botelho)
- Add ability to show archived projects on dashboard, explore and group pages - Add ability to show archived projects on dashboard, explore and group pages
- Move group activity to separate page - Move group activity to separate page
- Continue parameters are checked to ensure redirection goes to the same instance
v 8.5.5 v 8.5.5
- Ensure removing a project removes associated Todo entries - Ensure removing a project removes associated Todo entries
......
module ContinueParams
extend ActiveSupport::Concern
def continue_params
continue_params = params[:continue]
return nil unless continue_params
continue_params = continue_params.permit(:to, :notice, :notice_now)
return unless continue_params[:to] && continue_params[:to].start_with?('/')
continue_params
end
end
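Review bot: The `start_with?('/')` check in `continue_params` also accepts a `to` value that begins with `//`, which is a protocol-relative URL rather than a local path, so the same-instance guarantee described in the changelog entry does not hold for it. The redirect call itself is outside the sections shown here, but if the value reaches `redirect_to` unchanged it would be followed to another host. Tighten the guard, for example `return unless continue_params[:to] && continue_params[:to].start_with?('/') && !continue_params[:to].start_with?('//')`, or parse the value with `URI` and reject anything that carries a host. A one-line comment above the check stating that only host-less local paths are accepted would make the intent clear to later readers.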
class Projects::ForksController < Projects::ApplicationController class Projects::ForksController < Projects::ApplicationController
include ContinueParams
# Authorize # Authorize
before_action :require_non_empty_project before_action :require_non_empty_project
before_action :authorize_download_code! before_action :authorize_download_code!
...@@ -53,15 +55,4 @@ class Projects::ForksController < Projects::ApplicationController ...@@ -53,15 +55,4 @@ class Projects::ForksController < Projects::ApplicationController
render :error render :error
end end
end end
private
def continue_params
continue_params = params[:continue]
if continue_params
continue_params.permit(:to, :notice, :notice_now)
else
nil
end
end
end end
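Review bot: The `continue_params` method removed here sat under `private`, while the replacement in the `ContinueParams` concern is defined without a visibility modifier, so it becomes a public method on every controller that includes the concern (this one and `Projects::ImportsController`). Public controller methods count as action methods in Rails, so it is safer to keep the helper non-routable by adding `private` above `def continue_params` in the module. Whether any route could reach it is not visible from this page.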
class Projects::ImportsController < Projects::ApplicationController class Projects::ImportsController < Projects::ApplicationController
include ContinueParams
# Authorize # Authorize
before_action :authorize_admin_project! before_action :authorize_admin_project!
before_action :require_no_repo, only: [:new, :create] before_action :require_no_repo, only: [:new, :create]
...@@ -44,16 +46,6 @@ class Projects::ImportsController < Projects::ApplicationController ...@@ -44,16 +46,6 @@ class Projects::ImportsController < Projects::ApplicationController
private private
def continue_params
continue_params = params[:continue]
if continue_params
continue_params.permit(:to, :notice, :notice_now)
else
nil
end
end
def finished_notice def finished_notice
if @project.forked? if @project.forked?
'The project was successfully forked.' 'The project was successfully forked.'
......
...@@ -19,7 +19,7 @@ describe Projects::ImportsController do ...@@ -19,7 +19,7 @@ describe Projects::ImportsController do
end end
it 'sets flash.now if params is present' do it 'sets flash.now if params is present' do
get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { notice_now: 'Started' } get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { to: '/', notice_now: 'Started' }
expect(flash.now[:notice]).to eq 'Started' expect(flash.now[:notice]).to eq 'Started'
end end
...@@ -45,7 +45,7 @@ describe Projects::ImportsController do ...@@ -45,7 +45,7 @@ describe Projects::ImportsController do
end end
it 'sets flash.now if params is present' do it 'sets flash.now if params is present' do
get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { notice_now: 'In progress' } get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { to: '/', notice_now: 'In progress' }
expect(flash.now[:notice]).to eq 'In progress' expect(flash.now[:notice]).to eq 'In progress'
end end
......
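Review bot: The visible spec changes only add `to: '/'` to the existing positive cases, so nothing in these sections asserts the new rejection path. Consider adding examples that pass a `continue[:to]` with an absolute URL and with a `//`-prefixed value, each expecting that no redirect to that value happens and no notice is set. Since a notice sent without `to` is now dropped as well, an example such as `it 'ignores notice_now when to is missing'` would document that behaviour change.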