Commit 998d464b authored by GitLab Bot's avatar GitLab Bot

Merge remote-tracking branch 'upstream/master' into ce-to-ee-2018-09-18

# Conflicts:
#	app/views/profiles/keys/_key_details.html.haml

[ci skip]
parents e8c22616 953018e3
...@@ -136,7 +136,7 @@ GEM ...@@ -136,7 +136,7 @@ GEM
coderay (1.1.2) coderay (1.1.2)
coercible (1.0.0) coercible (1.0.0)
descendants_tracker (~> 0.0.1) descendants_tracker (~> 0.0.1)
commonmarker (0.17.8) commonmarker (0.17.13)
ruby-enum (~> 0.5) ruby-enum (~> 0.5)
concord (0.1.5) concord (0.1.5)
adamantium (~> 0.2.0) adamantium (~> 0.2.0)
......
...@@ -651,7 +651,7 @@ class User < ActiveRecord::Base ...@@ -651,7 +651,7 @@ class User < ActiveRecord::Base
# possibility of the commit_email column not existing. # possibility of the commit_email column not existing.
def commit_email def commit_email
return unless has_attribute?(:commit_email) return self.email unless has_attribute?(:commit_email)
# The commit email is the same as the primary email if undefined # The commit email is the same as the primary email if undefined
super.presence || self.email super.presence || self.email
......
...@@ -41,12 +41,13 @@ class UrlValidator < ActiveModel::EachValidator ...@@ -41,12 +41,13 @@ class UrlValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value) def validate_each(record, attribute, value)
@record = record @record = record
if value.present? unless value.present?
value.strip!
else
record.errors.add(attribute, 'must be a valid URL') record.errors.add(attribute, 'must be a valid URL')
return
end end
value = strip_value!(record, attribute, value)
Gitlab::UrlBlocker.validate!(value, blocker_args) Gitlab::UrlBlocker.validate!(value, blocker_args)
rescue Gitlab::UrlBlocker::BlockedUrlError => e rescue Gitlab::UrlBlocker::BlockedUrlError => e
record.errors.add(attribute, "is blocked: #{e.message}") record.errors.add(attribute, "is blocked: #{e.message}")
...@@ -54,6 +55,13 @@ class UrlValidator < ActiveModel::EachValidator ...@@ -54,6 +55,13 @@ class UrlValidator < ActiveModel::EachValidator
private private
def strip_value!(record, attribute, value)
new_value = value.strip
return value if new_value == value
record.public_send("#{attribute}=", new_value) # rubocop:disable GitlabSecurity/PublicSend
end
def default_options def default_options
# By default the validator doesn't block any url based on the ip address # By default the validator doesn't block any url based on the ip address
{ {
......
...@@ -24,5 +24,9 @@ ...@@ -24,5 +24,9 @@
= @key.key = @key.key
.col-md-12 .col-md-12
.float-right .float-right
<<<<<<< HEAD
- unless @key.is_a? LDAPKey - unless @key.is_a? LDAPKey
= link_to 'Remove', path_to_key(@key, is_admin), data: {confirm: 'Are you sure?'}, method: :delete, class: "btn btn-remove delete-key qa-delete-key-button" = link_to 'Remove', path_to_key(@key, is_admin), data: {confirm: 'Are you sure?'}, method: :delete, class: "btn btn-remove delete-key qa-delete-key-button"
=======
= link_to 'Remove', path_to_key(@key, is_admin), data: {confirm: 'Are you sure?'}, method: :delete, class: "btn btn-remove delete-key qa-delete-key-button"
>>>>>>> upstream/master
...@@ -66,6 +66,8 @@ module QA ...@@ -66,6 +66,8 @@ module QA
end end
using_wait_time 0 do using_wait_time 0 do
set_initial_password_if_present
sign_in_using_gitlab_credentials(admin) sign_in_using_gitlab_credentials(admin)
end end
......
...@@ -24,6 +24,21 @@ describe UrlValidator do ...@@ -24,6 +24,21 @@ describe UrlValidator do
expect(badge.errors.empty?).to be true expect(badge.errors.empty?).to be true
end end
it 'strips urls' do
badge.link_url = "\n\r\n\nhttps://127.0.0.1\r\n\r\n\n\n\n"
# It's unusual for a validator to modify its arguments. Some extensions,
# such as attr_encrypted, freeze the string to signal that modifications
# will not be persisted, so freeze this string to ensure the scheme is
# compatible with them.
badge.link_url.freeze
subject
expect(badge.errors).to be_empty
expect(badge.link_url).to eq('https://127.0.0.1')
end
end end
context 'when allow_localhost is set to false' do context 'when allow_localhost is set to false' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment