Merge branch '334033-do-not-allow-deleting-branches-matching-url-encoded' into 'master'

Do not unescape branch name when deleting branch

See merge request gitlab-org/gitlab!73253

app/controllers/projects/branches_controller.rb

@@ -105,8 +105,7 @@ class Projects::BranchesController < Projects::ApplicationController
   # rubocop: enable CodeReuse/ActiveRecord
 
   def destroy
-    @branch_name = Addressable::URI.unescape(params[:id])
-    result = ::Branches::DeleteService.new(project, current_user).execute(@branch_name)
+    result = ::Branches::DeleteService.new(project, current_user).execute(params[:id])
 
     respond_to do |format|
       format.html do

spec/controllers/projects/branches_controller_spec.rb

@@ -356,7 +356,7 @@ RSpec.describe Projects::BranchesController do
       context "valid branch name with encoded slashes" do
         let(:branch) { "improve%2Fawesome" }
 
-        it { expect(response).to have_gitlab_http_status(:ok) }
+        it { expect(response).to have_gitlab_http_status(:not_found) }
         it { expect(response.body).to be_blank }
       end
 
@@ -396,10 +396,10 @@ RSpec.describe Projects::BranchesController do
         let(:branch) { 'improve%2Fawesome' }
 
         it 'returns JSON response with message' do
-          expect(json_response).to eql('message' => 'Branch was deleted')
+          expect(json_response).to eql('message' => 'No such branch')
         end
 
-        it { expect(response).to have_gitlab_http_status(:ok) }
+        it { expect(response).to have_gitlab_http_status(:not_found) }
       end
 
       context 'invalid branch name, valid ref' do