Commit 11b3a059 authored by Jacob Vosmaer's avatar Jacob Vosmaer

Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq

parents e2c14a2b 30ac909f
......@@ -2,6 +2,7 @@ v 7.5.0
- API: Add support for Hipchat (Kevin Houdebert)
- Add time zone configuration on gitlab.yml (Sullivan Senechal)
- Fix LDAP authentication for Git HTTP access
- Run 'GC.start' after every EmailsOnPushWorker job
- Fix LDAP config lookup for provider 'ldap'
- Drop all sequences during Postgres database restore
- Project title links to project homepage (Ben Bodenmiller)
......@@ -12,6 +13,18 @@ v 7.5.0
- Return valid json for deleting branch via API (sponsored by O'Reilly Media)
- Expose username in project events API (sponsored by O'Reilly Media)
- Adds comments to commits in the API
- Performance improvements
- Fix post-receive issue for projects with deleted forks
- New gitlab-shell version with custom hooks support
- Improve code
- GitLab CI 5.2+ support (does not support older versions)
- Fixed bug when you can not push commits starting with 000000 to protected branches
- Added a password strength indicator
- Change project name and path in one form
- Display renamed files in diff views (Vinnie Okada)
- Add timezone configuration to gitlab.yml
- Fix raw view for public snippets
- Use secret token with GitLab internal API.
v 7.4.3
- Fix raw snippets view
......
......@@ -31,7 +31,7 @@ gem 'omniauth-shibboleth'
# Extracting information from a git repository
# Provide access to Gitlab::Git library
gem "gitlab_git", '7.0.0.rc10'
gem "gitlab_git", '7.0.0.rc11'
# Ruby/Rack Git Smart-HTTP Server Handler
gem 'gitlab-grack', '~> 2.0.0.pre', require: 'grack'
......
......@@ -179,7 +179,7 @@ GEM
mime-types (~> 1.19)
gitlab_emoji (0.0.1.1)
emoji (~> 1.0.1)
gitlab_git (7.0.0.rc10)
gitlab_git (7.0.0.rc11)
activesupport (~> 4.0)
charlock_holmes (~> 0.6)
gitlab-linguist (~> 3.0)
......@@ -630,7 +630,7 @@ DEPENDENCIES
gitlab-grack (~> 2.0.0.pre)
gitlab-linguist (~> 3.0.0)
gitlab_emoji (~> 0.0.1.1)
gitlab_git (= 7.0.0.rc10)
gitlab_git (= 7.0.0.rc11)
gitlab_meta (= 7.0)
gitlab_omniauth-ldap (= 1.2.0)
gollum-lib (~> 3.0.0)
......
class Projects::BranchesController < Projects::ApplicationController
include ActionView::Helpers::SanitizeHelper
# Authorize
before_filter :require_non_empty_project
......@@ -16,8 +17,10 @@ class Projects::BranchesController < Projects::ApplicationController
end
def create
branch_name = sanitize(strip_tags(params[:branch_name]))
ref = sanitize(strip_tags(params[:ref]))
result = CreateBranchService.new(project, current_user).
execute(params[:branch_name], params[:ref])
execute(branch_name, ref)
if result[:status] == :success
@branch = result[:branch]
......
......@@ -87,8 +87,8 @@ module CommitsHelper
# avatar: true will prepend the avatar image
# size: size of the avatar image in px
def commit_person_link(commit, options = {})
source_name = commit.send "#{options[:source]}_name".to_sym
source_email = commit.send "#{options[:source]}_email".to_sym
source_name = clean(commit.send "#{options[:source]}_name".to_sym)
source_email = clean(commit.send "#{options[:source]}_email".to_sym)
user = User.find_for_commit(source_email, source_name)
person_name = user.nil? ? source_name : user.name
......@@ -124,4 +124,8 @@ module CommitsHelper
def truncate_sha(sha)
Commit.truncate_sha(sha)
end
def clean(string)
Sanitize.clean(string, remove_contents: true)
end
end
......@@ -21,5 +21,8 @@ class EmailsOnPushWorker
recipients.split(" ").each do |recipient|
Notify.repository_push_email(project_id, recipient, author_id, branch, compare).deliver
end
ensure
compare = nil
GC.start
end
end
......@@ -285,7 +285,8 @@ Proposed tweet for CE "GitLab X.X is released! It brings *** <link-to-blogpost>"
# **1 workday after release - Update GitLab.com**
Update GitLab.com from RC1 to the released package.
- Build a package for gitlab.com based on the official release instead of RC1
- Deploy the package
# **25th - Release GitLab CI**
......
......@@ -59,7 +59,13 @@ module Backup
project.namespace.ensure_dir_exist if project.namespace
if system(*%W(git clone --bare #{path_to_bundle(project)} #{path_to_repo(project)}), silent)
if File.exists?(path_to_bundle(project))
cmd = %W(git clone --bare #{path_to_bundle(project)} #{path_to_repo(project)})
else
cmd = %W(git init --bare #{path_to_repo(project)})
end
if system(*cmd, silent)
puts "[DONE]".green
else
puts "[FAILED]".red
......
require 'spec_helper'
describe Projects::BranchesController do
let(:project) { create(:project) }
let(:user) { create(:user) }
before do
sign_in(user)
project.team << [user, :master]
project.stub(:branches).and_return(['master', 'foo/bar/baz'])
project.stub(:tags).and_return(['v1.0.0', 'v2.0.0'])
controller.instance_variable_set(:@project, project)
end
describe "POST create" do
render_views
before {
post :create,
project_id: project.to_param,
branch_name: branch,
ref: ref
}
context "valid branch name, valid source" do
let(:branch) { "merge_branch" }
let(:ref) { "master" }
it { should redirect_to("/#{project.path_with_namespace}/tree/merge_branch") }
end
context "invalid branch name, valid ref" do
let(:branch) { "<script>alert('merge');</script>" }
let(:ref) { "master" }
it { should redirect_to("/#{project.path_with_namespace}/tree/alert('merge');") }
end
context "valid branch name, invalid ref" do
let(:branch) { "merge_branch" }
let(:ref) { "<script>alert('ref');</script>" }
it { should render_template("new") }
end
context "invalid branch name, invalid ref" do
let(:branch) { "<script>alert('merge');</script>" }
let(:ref) { "<script>alert('ref');</script>" }
it { should render_template("new") }
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment