Commit adf9a518
Authored May 07, 2016 by Stan Hu
Escape HTML in commit titles in system note messages
Closes #17348
Parent: 2e116227
Showing 3 changed files with 15 additions and 1 deletion
CHANGELOG +1 -0
app/services/system_note_service.rb +5 -1
spec/services/system_note_service_spec.rb +9 -0
CHANGELOG
...
...
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.8.0 (unreleased)
- Assign labels and milestone to target project when moving issue. !3934 (Long Nguyen)
- Project#open_branches has been cleaned up and no longer loads entire records into memory.
- Escape HTML in commit titles in system note messages
- Log to application.log when an admin starts and stops impersonating a user
- Updated gitlab_git to 10.1.0
- GitAccess#protected_tag? no longer loads all tags just to check if a single one exists
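Review bot: the new entry "Escape HTML in commit titles in system note messages" gives no issue or merge request reference, although the commit message says it closes #17348 and the first entry in this section carries one (!3934). Since this is an output-escaping fix, a reference would let anyone reading the release notes trace it back to the report; consider appending it to the line.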
...
...
app/services/system_note_service.rb
...
...
@@ -351,7 +351,7 @@ class SystemNoteService
# Returns an Array of Strings
def
self
.
new_commit_summary
(
new_commits
)
new_commits
.
collect
do
|
commit
|
"*
#{
commit
.
short_id
}
-
#{
commit
.
title
}
"
"*
#{
commit
.
short_id
}
-
#{
escape_html
(
commit
.
title
)
}
"
end
end
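Review bot: in new_commit_summary, escape_html(commit.title) neutralises HTML metacharacters only, while the string it builds ("* #{commit.short_id} - ...") is a Markdown list item, so Markdown syntax in a commit title still reaches the note renderer as markup. If system notes go through a Markdown pipeline, confirm that its sanitization covers that case, or add a comment here saying why HTML escaping alone is sufficient. Escaping when the note text is built also means the entity-encoded title is what ends up in the note body, so a consumer that shows the note without HTML rendering will display the entities literally; a one-line comment stating that this is intended would help.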
...
...
@@ -433,4 +433,8 @@ class SystemNoteService
body
=
"Moved
#{
direction
}
#{
cross_reference
}
"
create_note
(
noteable:
noteable
,
project:
project
,
author:
author
,
note:
body
)
end
def
self
.
escape_html
(
text
)
Rack
::
Utils
.
escape_html
(
text
)
end
end
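Review bot: self.escape_html is added as a public class method of SystemNoteService with no comment, while new_commit_summary in the hunk above is documented ("# Returns an Array of Strings"). It is a one-line wrapper around Rack::Utils.escape_html used internally, so consider marking it with private_class_method and adding a comment that says which interpolated values must pass through it, so that later note builders that embed user-controlled text use it as well.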
spec/services/system_note_service_spec.rb
...
...
@@ -506,6 +506,15 @@ describe SystemNoteService, services: true do
end
end
describe
'.new_commit_summary'
do
it
'escapes HTML titles'
do
commit
=
double
(
title:
'<pre>This is a test</pre>'
,
short_id:
'12345678'
)
escaped
=
'* 12345678 - <pre>This is a test</pre>'
expect
(
described_class
.
new_commit_summary
([
commit
])).
to
eq
([
escaped
])
end
end
include
JiraServiceHelper
describe
'JIRA integration'
do
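Review bot: in the 'escapes HTML titles' example, the expected value as shown on this page, '* 12345678 - <pre>This is a test</pre>', is identical to the input title, so as displayed the assertion would not tell escaped output from unescaped output; the expectation should hold the entity-encoded form (&lt;pre&gt;This is a test&lt;/pre&gt;). The spec also covers only angle brackets: add a title containing & and quote characters, and an example that creates a note through a caller of new_commit_summary, so the escaping is checked end to end rather than only on the helper's return value.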
...
...