Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
3b023531
Commit
3b023531
authored
Jan 18, 2018
by
Nick Thomas
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Correctly escape UTF-8 path elements for uploads
parent
e56bcf92
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
17 additions
and
11 deletions
+17
-11
changelogs/unreleased/42159-utf8-uploads.yml
changelogs/unreleased/42159-utf8-uploads.yml
+5
-0
lib/banzai/filter/relative_link_filter.rb
lib/banzai/filter/relative_link_filter.rb
+3
-3
spec/lib/banzai/filter/relative_link_filter_spec.rb
spec/lib/banzai/filter/relative_link_filter_spec.rb
+9
-8
No files found.
changelogs/unreleased/42159-utf8-uploads.yml
0 → 100644
View file @
3b023531
---
title
:
Correctly escape UTF-8 path elements for uploads
merge_request
:
16560
author
:
type
:
fixed
lib/banzai/filter/relative_link_filter.rb
View file @
3b023531
...
@@ -50,7 +50,7 @@ module Banzai
...
@@ -50,7 +50,7 @@ module Banzai
end
end
def
process_link_to_upload_attr
(
html_attr
)
def
process_link_to_upload_attr
(
html_attr
)
path_parts
=
[
html_attr
.
value
]
path_parts
=
[
Addressable
::
URI
.
unescape
(
html_attr
.
value
)
]
if
group
if
group
path_parts
.
unshift
(
relative_url_root
,
'groups'
,
group
.
full_path
,
'-'
)
path_parts
.
unshift
(
relative_url_root
,
'groups'
,
group
.
full_path
,
'-'
)
...
@@ -58,13 +58,13 @@ module Banzai
...
@@ -58,13 +58,13 @@ module Banzai
path_parts
.
unshift
(
relative_url_root
,
project
.
full_path
)
path_parts
.
unshift
(
relative_url_root
,
project
.
full_path
)
end
end
path
=
File
.
join
(
*
path_parts
)
path
=
Addressable
::
URI
.
escape
(
File
.
join
(
*
path_parts
)
)
html_attr
.
value
=
html_attr
.
value
=
if
context
[
:only_path
]
if
context
[
:only_path
]
path
path
else
else
URI
.
join
(
Gitlab
.
config
.
gitlab
.
base_url
,
path
).
to_s
Addressable
::
URI
.
join
(
Gitlab
.
config
.
gitlab
.
base_url
,
path
).
to_s
end
end
end
end
...
...
spec/lib/banzai/filter/relative_link_filter_spec.rb
View file @
3b023531
...
@@ -278,18 +278,19 @@ describe Banzai::Filter::RelativeLinkFilter do
...
@@ -278,18 +278,19 @@ describe Banzai::Filter::RelativeLinkFilter do
expect
(
doc
.
at_css
(
'a'
)[
'href'
]).
to
eq
'http://example.com'
expect
(
doc
.
at_css
(
'a'
)[
'href'
]).
to
eq
'http://example.com'
end
end
it
'supports Unicode filenames'
do
it
'supports
unescaped
Unicode filenames'
do
path
=
'/uploads/한글.png'
path
=
'/uploads/한글.png'
escaped
=
Addressable
::
URI
.
escape
(
path
)
doc
=
filter
(
link
(
path
)
)
# Stub these methods so the file doesn't actually need to be in the repo
expect
(
doc
.
at_css
(
'a'
)[
'href'
]).
to
eq
(
"/
#{
project
.
full_path
}
/uploads/%ED%95%9C%EA%B8%80.png"
)
allow_any_instance_of
(
described_class
)
end
.
to
receive
(
:file_exists?
).
and_return
(
true
)
allow_any_instance_of
(
described_class
)
.
to
receive
(
:image?
).
with
(
path
).
and_return
(
true
)
it
'supports escaped Unicode filenames'
do
path
=
'/uploads/한글.png'
escaped
=
Addressable
::
URI
.
escape
(
path
)
doc
=
filter
(
image
(
escaped
))
doc
=
filter
(
image
(
escaped
))
expect
(
doc
.
at_css
(
'img'
)[
'src'
]).
to
match
"/
#{
project
.
full_path
}
/uploads/%ED%95%9C%EA%B8%80.png"
expect
(
doc
.
at_css
(
'img'
)[
'src'
]).
to
eq
(
"/
#{
project
.
full_path
}
/uploads/%ED%95%9C%EA%B8%80.png"
)
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment