李少辉-开发者 / gitlab-foss
Commit 0c2bb8d1
Authored May 09, 2016 by Rémy Coutable
Merge branch 'issue_15394' into 'master'
Sanitize milestones and labels titles
fixes #15394
See merge request !4046
Parents: 8dd2188b, 32811d98
Showing 6 changed files with 26 additions and 1 deletion (+26 -1)
CHANGELOG +1 -0
app/models/label.rb +4 -0
app/models/milestone.rb +4 -0
spec/lib/banzai/filter/milestone_reference_filter_spec.rb +1 -1
spec/models/label_spec.rb +8 -0
spec/models/milestone_spec.rb +8 -0
CHANGELOG
...
...
@@ -21,6 +21,7 @@ v 8.8.0 (unreleased)
- Update SVG sanitizer to conform to SVG 1.1
- Updated search UI
- Display informative message when new milestone is created
- Sanitize milestones and labels titles
- Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea)
- Added button to toggle whitespaces changes on diff view
- Backport GitHub Enterprise import support from EE
...
...
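Review bot: the added entry "Sanitize milestones and labels titles" gives no merge request reference, although the commit message names !4046 and the neighbouring "NEWS"/"CHANGES" entry cites !3768. Appending !4046 would let anyone auditing the 8.8.0 release trace this sanitization change back to its review.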
app/models/label.rb
...
...
@@ -117,6 +117,10 @@ class Label < ActiveRecord::Base
LabelsHelper
::
text_color_for_bg
(
self
.
color
)
end
def
title
=
(
value
)
write_attribute
(
:title
,
Sanitize
.
clean
(
value
.
to_s
))
if
value
.
present?
end
private
def
label_format_reference
(
format
=
:id
)
...
...
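Review bot: the trailing `if value.present?` on `title=` turns an assignment of nil or an empty string into a silent no-op, so the previous title stays in place and the caller gets no error. Consider writing the attribute unconditionally and sanitizing only when a value is present, for example `write_attribute(:title, value.present? ? Sanitize.clean(value.to_s) : value)`, so a blank title still reaches whatever validation the model applies.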
app/models/milestone.rb
...
...
@@ -129,6 +129,10 @@ class Milestone < ActiveRecord::Base
nil
end
def
title
=
(
value
)
write_attribute
(
:title
,
Sanitize
.
clean
(
value
.
to_s
))
if
value
.
present?
end
# Sorts the issues for the given IDs.
#
# This method runs a single SQL query using a CASE statement to update the
...
...
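Review bot: `title=` sanitizes only at write time, and none of the 6 changed files migrates existing rows, so milestone titles saved before this change keep whatever markup they contain. Every place that renders a title still has to escape it, and a comment above the setter should say so. The method body is also identical to the one added in app/models/label.rb; a shared concern would keep the two from drifting apart.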
spec/lib/banzai/filter/milestone_reference_filter_spec.rb
...
...
@@ -43,7 +43,7 @@ describe Banzai::Filter::MilestoneReferenceFilter, lib: true do
milestone
.
update_attribute
(
:title
,
%{"></a>whatever<a title="}
)
doc
=
reference_filter
(
"milestone
#{
reference
}
"
)
expect
(
doc
.
text
).
to
eq
"milestone
#{
milestone
.
title
}
"
expect
(
doc
.
text
).
to
eq
"milestone
\"
>whatever
"
end
it
'includes default classes'
do
...
...
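Review bot: with the new `title=` setter, `update_attribute(:title, %{"></a>whatever<a title="})` stores an already sanitized title, so the changed expectation `"milestone \">whatever"` checks the model's sanitizer and no longer shows that the reference filter itself escapes a hostile stored title. To keep that coverage for rows written before this change, store the raw string in a way that bypasses the setter (for example `update_column`) and assert that the rendered link contains no injected markup.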
spec/models/label_spec.rb
...
...
@@ -55,6 +55,14 @@ describe Label, models: true do
end
end
describe
"#title"
do
let
(
:label
)
{
create
(
:label
,
title:
"<b>test</b>"
)
}
it
"sanitizes title"
do
expect
(
label
.
title
).
to
eq
(
"test"
)
end
end
describe
'#to_reference'
do
context
'using id'
do
it
'returns a String reference to the object'
do
...
...
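Review bot: the "sanitizes title" example only feeds `<b>test</b>`, a benign tag with no attributes. Add cases that pin down the behaviour that matters for this fix: the attribute-breaking string `"></a>whatever<a title="` already used in milestone_reference_filter_spec.rb, and a plain title containing `&` or `<`, so the stored form of ordinary punctuation is asserted rather than assumed.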
spec/models/milestone_spec.rb
...
...
@@ -34,6 +34,14 @@ describe Milestone, models: true do
let
(
:issue
)
{
create
(
:issue
)
}
let
(
:user
)
{
create
(
:user
)
}
describe
"#title"
do
let
(
:milestone
)
{
create
(
:milestone
,
title:
"<b>test</b>"
)
}
it
"sanitizes title"
do
expect
(
milestone
.
title
).
to
eq
(
"test"
)
end
end
describe
"unique milestone title per project"
do
it
"shouldn't accept the same title in a project twice"
do
new_milestone
=
Milestone
.
new
(
project:
milestone
.
project
,
title:
milestone
.
title
)
...
...
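Review bot: this "#title" block duplicates the one added to spec/models/label_spec.rb word for word, and neither covers assigning nil or an empty string, which the setter's `if value.present?` guard treats differently. A shared example included by both specs, with one blank-title case, would cover that branch once for both models.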