Commit
7e3f49ba
authored
Nov 14, 2014
by
Dmitriy Zaporozhets
Merge branch 'branch_name' into 'master'
Strip tags from branch name. See merge request !1251
parents
d55f5587
334fe865
Showing
2 changed files
with
55 additions
and
1 deletion
+55
-1
app/controllers/projects/branches_controller.rb
app/controllers/projects/branches_controller.rb
+4
-1
spec/controllers/branches_controller_spec.rb
spec/controllers/branches_controller_spec.rb
+51
-0
app/controllers/projects/branches_controller.rb
class
Projects::BranchesController
<
Projects
::
ApplicationController
include
ActionView
::
Helpers
::
SanitizeHelper
# Authorize
before_filter
:require_non_empty_project
...
...
@@ -16,8 +17,10 @@ class Projects::BranchesController < Projects::ApplicationController
end
def
create
branch_name
=
sanitize
(
strip_tags
(
params
[
:branch_name
]))
ref
=
sanitize
(
strip_tags
(
params
[
:ref
]))
result
=
CreateBranchService
.
new
(
project
,
current_user
).
execute
(
params
[
:branch_name
],
params
[
:ref
]
)
execute
(
branch_name
,
ref
)
if
result
[
:status
]
==
:success
@branch
=
result
[
:branch
]
...
...
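Review bot: In `create`, `sanitize(strip_tags(params[:branch_name]))` silently rewrites the requested name instead of rejecting it, so a request for `<script>alert('merge');</script>` creates a branch called `alert('merge');`, which is the redirect the new spec asserts. Stripping HTML on input is also not a dependable XSS defence here, because names that reach the repository by a git push do not pass through this action, so the views that print branch and ref names still have to escape on output. I would refuse a name that changes under stripping rather than use the altered one, along the lines of `return render(action: 'new') unless branch_name == params[:branch_name]`, with the same check for `ref`. It is also worth confirming whether `sanitize` entity-encodes characters such as `&`, since that would alter legitimate names. The body of `create` continues outside the hunk.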
spec/controllers/branches_controller_spec.rb
0 → 100644
require
'spec_helper'
describe
Projects
::
BranchesController
do
let
(
:project
)
{
create
(
:project
)
}
let
(
:user
)
{
create
(
:user
)
}
before
do
sign_in
(
user
)
project
.
team
<<
[
user
,
:master
]
project
.
stub
(
:branches
).
and_return
([
'master'
,
'foo/bar/baz'
])
project
.
stub
(
:tags
).
and_return
([
'v1.0.0'
,
'v2.0.0'
])
controller
.
instance_variable_set
(
:@project
,
project
)
end
describe
"POST create"
do
render_views
before
{
post
:create
,
project_id:
project
.
to_param
,
branch_name:
branch
,
ref:
ref
}
context
"valid branch name, valid source"
do
let
(
:branch
)
{
"merge_branch"
}
let
(
:ref
)
{
"master"
}
it
{
should
redirect_to
(
"/
#{
project
.
path_with_namespace
}
/tree/merge_branch"
)
}
end
context
"invalid branch name, valid ref"
do
let
(
:branch
)
{
"<script>alert('merge');</script>"
}
let
(
:ref
)
{
"master"
}
it
{
should
redirect_to
(
"/
#{
project
.
path_with_namespace
}
/tree/alert('merge');"
)
}
end
context
"valid branch name, invalid ref"
do
let
(
:branch
)
{
"merge_branch"
}
let
(
:ref
)
{
"<script>alert('ref');</script>"
}
it
{
should
render_template
(
"new"
)
}
end
context
"invalid branch name, invalid ref"
do
let
(
:branch
)
{
"<script>alert('merge');</script>"
}
let
(
:ref
)
{
"<script>alert('ref');</script>"
}
it
{
should
render_template
(
"new"
)
}
end
end
end
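Review bot: The two "invalid ref" contexts assert only `render_template("new")`, so although `render_views` is enabled nothing checks that the rendered page is free of the submitted markup. Adding an expectation on the body, for example `it { response.body.should_not include("<script>alert('ref');</script>") }`, would pin the output-escaping behaviour that actually prevents the XSS. The "invalid branch name, valid ref" context also fixes the silently renamed branch `alert('merge');` as the expected outcome, which makes it harder to later change the controller to reject such names.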