gitlab.com/gitlab-org/gitlab-foss.git
author: Thiago Presa <tpresa@gitlab.com> 2018-10-23 05:21:37 +0300
committer: Thiago Presa <tpresa@gitlab.com> 2018-10-25 03:38:58 +0300
commit: 0bfcbc390f207fe4a4214334842fb80e0d963833
tree: 483cf38846e0c49625c3d6fcd26ca9678865cddf /app
parent: 5bc0403f4516faff376b9d2de54ebb7cf2747aa1
Merge branch 'security-11-3-51527-xss-in-mr-source-branch' into 'security-11-3'
[11.3] Fix XSS in MR source branch name

See merge request gitlab/gitlabhq!2545
Diffstat (limited to 'app')
-rw-r--r-- app/presenters/merge_request_presenter.rb | 12
1 files changed, 3 insertions, 9 deletions
diff --git a/app/presenters/merge_request_presenter.rb b/app/presenters/merge_request_presenter.rb
index 8c4eac3c31d..800d0196729 100644
--- a/app/presenters/merge_request_presenter.rb
+++ b/app/presenters/merge_request_presenter.rb
@@ -108,16 +108,10 @@ class MergeRequestPresenter < Gitlab::View::Presenter::Delegated
namespace = source_project_namespace
branch = source_branch
- if source_branch_exists?
- namespace = link_to(namespace, project_path(source_project))
- branch = link_to(branch, project_tree_path(source_project, source_branch))
- end
+ namespace_link = source_branch_exists? ? link_to(namespace, project_path(source_project)) : ERB::Util.html_escape(namespace)
+ branch_link = source_branch_exists? ? link_to(branch, project_tree_path(source_project, source_branch)) : ERB::Util.html_escape(branch)
- if for_fork?
- namespace + ":" + branch
- else
- branch
- end
+ for_fork? ? "#{namespace_link}:#{branch_link}" : branch_link
end
def closing_issues_links
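Review bot: On the added `for_fork? ? "#{namespace_link}:#{branch_link}" : branch_link` line, the two arms of the ternary return values with different HTML-safety. `branch_link` is html_safe, since both `link_to` and `ERB::Util.html_escape` return an `ActiveSupport::SafeBuffer`, but string interpolation produces a plain `String` that already contains markup and escaped text. A caller that renders the result through normal ERB escaping will double-escape the fork case, and a caller that marks it safe has to know the escaping was done here. Consider building the fork case with `safe_join([namespace_link, ":", branch_link])` (assuming that helper is reachable from this presenter, as `link_to` is) so the method always returns a SafeBuffer. Smaller points: `source_branch_exists?` is now evaluated twice and could be stored in a local, and `namespace_link` / `branch_link` hold plain escaped text rather than links when the branch is missing, so a one-line comment stating that the method returns escaped HTML would make the contract explicit.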