Commit d83eb63b authored by Douwe Maan

Merge branch '17014-remove-rails-deprecated_sanitizer' into 'master'

Resolve "Remove rails-deprecated_sanitizer"

Closes #17014

See merge request gitlab-org/gitlab-ce!27268
parents 8ede9d18 da026ac2
source 'https://rubygems.org' source 'https://rubygems.org'
gem 'rails', '5.0.7.2' gem 'rails', '5.0.7.2'
gem 'rails-deprecated_sanitizer', '~> 1.0.3'
# Improves copy-on-write performance for MRI # Improves copy-on-write performance for MRI
gem 'nakayoshi_fork', '~> 0.0.4' gem 'nakayoshi_fork', '~> 0.0.4'
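Review bot: dropping `rails-deprecated_sanitizer` from the Gemfile changes the implementation behind every `sanitize` and `strip_tags` call in the application, not only the call sites touched in this merge request, so the review should include a grep for other callers (helpers, views, mailers) and a check that none of them relied on options only the deprecated sanitizer honoured; a sentence in the commit message saying that audit was done would make the change easier to trust.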
......
...@@ -654,8 +654,6 @@ GEM ...@@ -654,8 +654,6 @@ GEM
actionpack (~> 5.x, >= 5.0.1) actionpack (~> 5.x, >= 5.0.1)
actionview (~> 5.x, >= 5.0.1) actionview (~> 5.x, >= 5.0.1)
activesupport (~> 5.x) activesupport (~> 5.x)
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
rails-dom-testing (2.0.3) rails-dom-testing (2.0.3)
activesupport (>= 4.2.0) activesupport (>= 4.2.0)
nokogiri (>= 1.6) nokogiri (>= 1.6)
...@@ -1111,7 +1109,6 @@ DEPENDENCIES ...@@ -1111,7 +1109,6 @@ DEPENDENCIES
rack-proxy (~> 0.6.0) rack-proxy (~> 0.6.0)
rails (= 5.0.7.2) rails (= 5.0.7.2)
rails-controller-testing rails-controller-testing
rails-deprecated_sanitizer (~> 1.0.3)
rails-i18n (~> 5.1) rails-i18n (~> 5.1)
rainbow (~> 3.0) rainbow (~> 3.0)
raindrops (~> 0.18) raindrops (~> 0.18)
......
...@@ -53,7 +53,7 @@ class Projects::BranchesController < Projects::ApplicationController ...@@ -53,7 +53,7 @@ class Projects::BranchesController < Projects::ApplicationController
# rubocop: disable CodeReuse/ActiveRecord # rubocop: disable CodeReuse/ActiveRecord
def create def create
branch_name = sanitize(strip_tags(params[:branch_name])) branch_name = strip_tags(sanitize(params[:branch_name]))
branch_name = Addressable::URI.unescape(branch_name) branch_name = Addressable::URI.unescape(branch_name)
redirect_to_autodeploy = project.empty_repo? && project.deployment_platform.present? redirect_to_autodeploy = project.empty_repo? && project.deployment_platform.present?
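Review bot: the `branch_name` line swaps the nesting from `sanitize(strip_tags(...))` to `strip_tags(sanitize(...))` without any explanation in the commit message, and the two orders do not necessarily produce the same text for names containing `&`, `<`, `>` or `"` before the value reaches `Addressable::URI.unescape`. Please add a short comment stating why `sanitize` must now run first, and a spec that creates a branch whose name contains such characters so the new order is covered.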
...@@ -122,7 +122,7 @@ class Projects::BranchesController < Projects::ApplicationController ...@@ -122,7 +122,7 @@ class Projects::BranchesController < Projects::ApplicationController
def ref def ref
if params[:ref] if params[:ref]
ref_escaped = sanitize(strip_tags(params[:ref])) ref_escaped = strip_tags(sanitize(params[:ref]))
Addressable::URI.unescape(ref_escaped) Addressable::URI.unescape(ref_escaped)
else else
@project.default_branch || 'master' @project.default_branch || 'master'
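Review bot: the `ref_escaped` line is the same `strip_tags(sanitize(params[...]))` followed by `Addressable::URI.unescape` that `create` uses for `branch_name`; extracting it into one private helper (for example a hypothetical `sanitized_ref_param(key)`) would keep the two call sites in sync the next time the order or the sanitizer changes. A smaller point: `create` calls `project.` while `ref` calls `@project.`; pick one.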
......
...@@ -241,9 +241,7 @@ module MarkupHelper ...@@ -241,9 +241,7 @@ module MarkupHelper
node.remove if node.name == 'a' && node.content.blank? node.remove if node.name == 'a' && node.content.blank?
end end
# Use `Loofah` directly instead of `sanitize` sanitize text, scrubber: scrubber
# as we still use the `rails-deprecated_sanitizer` gem
Loofah.fragment(text).scrub!(scrubber).to_s
end end
def markdown_toolbar_button(options = {}) def markdown_toolbar_button(options = {})
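Review bot: `sanitize text, scrubber: scrubber` returns an `html_safe` string, whereas the replaced `Loofah.fragment(text).scrub!(scrubber).to_s` returned a plain String, so every caller of this helper should be checked to make sure nothing is now double-escaped or, conversely, rendered as markup where it was previously escaped. It is also worth keeping a comment on the `sanitize` line noting that, because a `scrubber:` is supplied, the scrubber alone defines the allow-list (as it did with the direct Loofah call), so its policy must not be loosened.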
......
...@@ -164,8 +164,6 @@ module Gitlab ...@@ -164,8 +164,6 @@ module Gitlab
# Version of your assets, change this if you want to expire all your assets # Version of your assets, change this if you want to expire all your assets
config.assets.version = '1.0' config.assets.version = '1.0'
config.action_view.sanitized_allowed_protocols = %w(smb)
# Can be removed once upgraded to Rails 5.1 or higher # Can be removed once upgraded to Rails 5.1 or higher
config.action_controller.raise_on_unfiltered_parameters = true config.action_controller.raise_on_unfiltered_parameters = true
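Review bot: removing `config.action_view.sanitized_allowed_protocols = %w(smb)` drops the only place the application told the view-level `sanitize` to let `smb:` URLs through, and neither the hunk nor the commit message says whether that allowance was already dead (honoured only by the deprecated sanitizer) or is now enforced somewhere else. A sentence in the commit message, or a spec asserting how a link with an `smb://` href is treated after this change, would make the removal reviewable.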
......