Commit 9a5f83a3 authored by Robert Speicher's avatar Robert Speicher

Merge branch 'unescaped-diffs' into 'master'

Make sure non-highlighted diffs are still escaped

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/12521

See merge request !2544
parents 3ae74df3 82d0fa8e
...@@ -52,7 +52,9 @@ class Projects::BlobController < Projects::ApplicationController ...@@ -52,7 +52,9 @@ class Projects::BlobController < Projects::ApplicationController
def preview def preview
@content = params[:content] @content = params[:content]
diffy = Diffy::Diff.new(@blob.data, @content, diff: '-U 3', include_diff_info: true) diffy = Diffy::Diff.new(@blob.data, @content, diff: '-U 3', include_diff_info: true)
@diff_lines = Gitlab::Diff::Parser.new.parse(diffy.diff.scan(/.*\n/)) diff_lines = diffy.diff.scan(/.*\n/)[2..-1]
diff_lines = Gitlab::Diff::Parser.new.parse(diff_lines)
@diff_lines = Gitlab::Diff::Highlight.new(diff_lines).highlight
render layout: false render layout: false
end end
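Review bot: In `preview`, `diffy.diff.scan(/.*\n/)[2..-1]` evaluates to `nil` whenever the scan yields fewer than two lines (for example when the submitted content equals `@blob.data` and Diffy presumably returns an empty diff), and that `nil` is then passed to `Gitlab::Diff::Parser#parse`. `diff_lines = diffy.diff.scan(/.*\n/).drop(2)` always returns an array. A short comment such as `# Drop the two header lines added by include_diff_info` (presumably the `---`/`+++` pair) would explain the slice. That matters here because `@content` comes straight from `params[:content]` and its escaping now depends on this path reaching `Highlight`. The controller class starts and ends outside the hunk.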
......
...@@ -244,7 +244,7 @@ class Note < ActiveRecord::Base ...@@ -244,7 +244,7 @@ class Note < ActiveRecord::Base
prev_match_line = nil prev_match_line = nil
prev_lines = [] prev_lines = []
diff_lines.each do |line| highlighted_diff_lines.each do |line|
if line.type == "match" if line.type == "match"
prev_lines.clear prev_lines.clear
prev_match_line = line prev_match_line = line
...@@ -261,7 +261,11 @@ class Note < ActiveRecord::Base ...@@ -261,7 +261,11 @@ class Note < ActiveRecord::Base
end end
def diff_lines def diff_lines
@diff_lines ||= Gitlab::Diff::Parser.new.parse(diff.diff.lines.to_a) @diff_lines ||= Gitlab::Diff::Parser.new.parse(diff.diff.lines)
end
def highlighted_diff_lines
Gitlab::Diff::Highlight.new(diff_lines).highlight
end end
def discussion_id def discussion_id
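Review bot: `highlighted_diff_lines` builds a new `Gitlab::Diff::Highlight` and re-runs `highlight` on every call, while `diff_lines` beside it is memoized; `@highlighted_diff_lines ||= Gitlab::Diff::Highlight.new(diff_lines).highlight` would match. `Highlight#highlight` is not shown on this page; if it rewrites each line's text in place, a second call on the memoized `diff_lines` would escape already-escaped text, so memoizing also guards against that. `diff_lines` still returns the raw, unescaped parser output, so a comment on it such as `# Raw parser output; not HTML-safe, render highlighted_diff_lines instead` would keep later callers on the escaped variant. The method containing the loop in the first hunk begins outside it.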
......
module Gitlab module Gitlab
module Diff module Diff
class Highlight class Highlight
attr_reader :diff_file attr_reader :diff_file, :diff_lines, :raw_lines
delegate :old_path, :new_path, :old_ref, :new_ref, to: :diff_file, prefix: :diff delegate :old_path, :new_path, :old_ref, :new_ref, to: :diff_file, prefix: :diff
def initialize(diff_file) def initialize(diff_lines)
@diff_file = diff_file if diff_lines.is_a?(Gitlab::Diff::File)
@diff_lines = diff_file.diff_lines @diff_file = diff_lines
@diff_lines = @diff_file.diff_lines
else
@diff_lines = diff_lines
end
@raw_lines = @diff_lines.map(&:text) @raw_lines = @diff_lines.map(&:text)
end end
...@@ -31,7 +35,7 @@ module Gitlab ...@@ -31,7 +35,7 @@ module Gitlab
private private
def highlight_line(diff_line, index) def highlight_line(diff_line, index)
return html_escape(diff_line.text) unless diff_file.diff_refs return html_escape(diff_line.text) unless diff_file && diff_file.diff_refs
line_prefix = diff_line.text.match(/\A(.)/) ? $1 : ' ' line_prefix = diff_line.text.match(/\A(.)/) ? $1 : ' '
...@@ -52,10 +56,12 @@ module Gitlab ...@@ -52,10 +56,12 @@ module Gitlab
end end
def old_lines def old_lines
return unless diff_file
@old_lines ||= Gitlab::Highlight.highlight_lines(*processing_args(:old)) @old_lines ||= Gitlab::Highlight.highlight_lines(*processing_args(:old))
end end
def new_lines def new_lines
return unless diff_file
@new_lines ||= Gitlab::Highlight.highlight_lines(*processing_args(:new)) @new_lines ||= Gitlab::Highlight.highlight_lines(*processing_args(:new))
end end
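Review bot: `initialize(diff_lines)` now accepts either a `Gitlab::Diff::File` or an array of parsed lines, but nothing documents that. In the array case `diff_file` stays `nil` while `delegate ... to: :diff_file` has no `allow_nil: true`, so any `diff_old_path` or `diff_new_ref` call on such an instance would raise. The guards added in `highlight_line`, `old_lines` and `new_lines` cover the visible callers; the rest of the class is outside these hunks, so that is worth confirming. I would add a comment above the constructor describing both input types, and one on the early return such as `# No diff_file or no refs: skip syntax highlighting, but the text is rendered as HTML and must still be escaped`. A spec that passes lines containing markup through the array path and asserts escaped output would pin the fix for issue 12521.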
......