Commit 4c767bab authored by Stan Hu's avatar Stan Hu

Merge branch 'issue_19096' into 'master'

Validate presence of essential params for diff rendering

## What does this MR do?

Check the presence of essential params before rendering diff content.
## Are there points in the code the reviewer needs to double check?

No
## Why was this MR needed?

To avoid the generated application error
## What are the relevant issue numbers?

#19096

## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [x] Added for this feature/bug
  - [x] All builds are passing
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !4917
parents f0ed8930 7627cc19
...@@ -16,6 +16,7 @@ class Projects::BlobController < Projects::ApplicationController ...@@ -16,6 +16,7 @@ class Projects::BlobController < Projects::ApplicationController
before_action :from_merge_request, only: [:edit, :update] before_action :from_merge_request, only: [:edit, :update]
before_action :require_branch_head, only: [:edit, :update] before_action :require_branch_head, only: [:edit, :update]
before_action :editor_variables, except: [:show, :preview, :diff] before_action :editor_variables, except: [:show, :preview, :diff]
before_action :validate_diff_params, only: :diff
def new def new
commit unless @repository.empty? commit unless @repository.empty?
...@@ -146,4 +147,10 @@ class Projects::BlobController < Projects::ApplicationController ...@@ -146,4 +147,10 @@ class Projects::BlobController < Projects::ApplicationController
file_content_encoding: params[:encoding] file_content_encoding: params[:encoding]
} }
end end
def validate_diff_params
if [:since, :to, :offset].any? { |key| params[key].blank? }
render nothing: true
end
end
end end
require 'rails_helper'
describe Projects::BlobController do
let(:project) { create(:project) }
let(:user) { create(:user) }
before do
user = create(:user)
project.team << [user, :master]
sign_in(user)
end
describe 'GET diff' do
render_views
def do_get(opts = {})
params = { namespace_id: project.namespace.to_param,
project_id: project.to_param,
id: 'master/CHANGELOG' }
get :diff, params.merge(opts)
end
context 'when essential params are missing' do
it 'renders nothing' do
do_get
expect(response.body).to be_blank
end
end
context 'when essential params are present' do
it 'renders the diff content' do
do_get(since: 1, to: 5, offset: 10)
expect(response.body).to be_present
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment