Add latest changes from gitlab-org/gitlab@13-6-stable-eev13.6.0-rc42

7 files changed, 68 insertions, 3 deletions

diff --git a/lib/banzai/filter/emoji_filter.rb b/lib/banzai/filter/emoji_filter.rb
index b32fe5e8301..8952a3ff6b4 100644
--- a/lib/banzai/filter/emoji_filter.rb
+++ b/lib/banzai/filter/emoji_filter.rb
@@ -8,6 +8,7 @@ module Banzai
     # Based on HTML::Pipeline::EmojiFilter
     class EmojiFilter < HTML::Pipeline::Filter
       IGNORED_ANCESTOR_TAGS = %w(pre code tt).to_set
+      IGNORE_UNICODE_EMOJIS = %w(™ © ®).freeze
 
       def call
         doc.search(".//text()").each do |node|
@@ -60,7 +61,11 @@ module Banzai
 
       # Build a regexp that matches all valid unicode emojis names.
       def self.emoji_unicode_pattern
-        @emoji_unicode_pattern ||= /(#{Gitlab::Emoji.emojis_unicodes.map { |moji| Regexp.escape(moji) }.join('|')})/
+        @emoji_unicode_pattern ||=
+          begin
+            filtered_emojis = Gitlab::Emoji.emojis_unicodes - IGNORE_UNICODE_EMOJIS
+            /(#{filtered_emojis.map { |moji| Regexp.escape(moji) }.join('|')})/
+          end
       end
 
       private
diff --git a/lib/banzai/filter/normalize_source_filter.rb b/lib/banzai/filter/normalize_source_filter.rb
new file mode 100644
index 00000000000..975cd540873
--- /dev/null
+++ b/lib/banzai/filter/normalize_source_filter.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Banzai
+  module Filter
+    class NormalizeSourceFilter < HTML::Pipeline::Filter
+      UTF8_BOM = "\xEF\xBB\xBF"
+
+      def call
+        # Remove UTF8_BOM from beginning of source text
+        html.delete_prefix(UTF8_BOM)
+      end
+    end
+  end
+end
diff --git a/lib/banzai/filter/reference_filter.rb b/lib/banzai/filter/reference_filter.rb
index cfd4b932568..d22a0e0b504 100644
--- a/lib/banzai/filter/reference_filter.rb
+++ b/lib/banzai/filter/reference_filter.rb
@@ -119,7 +119,7 @@ module Banzai
 
       # Yields the link's URL and inner HTML whenever the node is a valid <a> tag.
       def yield_valid_link(node)
-        link = CGI.unescape(node.attr('href').to_s)
+        link = unescape_link(node.attr('href').to_s)
         inner_html = node.inner_html
 
         return unless link.force_encoding('UTF-8').valid_encoding?
@@ -127,6 +127,10 @@ module Banzai
         yield link, inner_html
       end
 
+      def unescape_link(href)
+        CGI.unescape(href)
+      end
+
       def replace_text_when_pattern_matches(node, index, pattern)
         return unless node.text =~ pattern
 
diff --git a/lib/banzai/filter/vulnerability_reference_filter.rb b/lib/banzai/filter/vulnerability_reference_filter.rb
new file mode 100644
index 00000000000..a59e9836d69
--- /dev/null
+++ b/lib/banzai/filter/vulnerability_reference_filter.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Banzai
+  module Filter
+    # The actual filter is implemented in the EE mixin
+    class VulnerabilityReferenceFilter < IssuableReferenceFilter
+      self.reference_type = :vulnerability
+
+      def self.object_class
+        Vulnerability
+      end
+
+      private
+
+      def project
+        context[:project]
+      end
+    end
+  end
+end
+
+Banzai::Filter::VulnerabilityReferenceFilter.prepend_if_ee('EE::Banzai::Filter::VulnerabilityReferenceFilter')
diff --git a/lib/banzai/pipeline/pre_process_pipeline.rb b/lib/banzai/pipeline/pre_process_pipeline.rb
index 4c2b4ca1665..1f7cb437fcd 100644
--- a/lib/banzai/pipeline/pre_process_pipeline.rb
+++ b/lib/banzai/pipeline/pre_process_pipeline.rb
@@ -5,6 +5,7 @@ module Banzai
     class PreProcessPipeline < BasePipeline
       def self.filters
         FilterArray[
+          Filter::NormalizeSourceFilter,
           Filter::FrontMatterFilter,
           Filter::BlockquoteFenceFilter,
         ]
diff --git a/lib/banzai/reference_parser/base_parser.rb b/lib/banzai/reference_parser/base_parser.rb
index c4d7e40b46c..3dfea8ee895 100644
--- a/lib/banzai/reference_parser/base_parser.rb
+++ b/lib/banzai/reference_parser/base_parser.rb
@@ -178,7 +178,10 @@ module Banzai
             collection.where(id: to_query).each { |row| cache[row.id] = row }
           end
 
-          ids.uniq.map { |id| cache[id] }.compact
+          ids.each_with_object([]) do |id, array|
+            row = cache[id]
+            array << row if row
+          end
         else
           collection.where(id: ids)
         end
diff --git a/lib/banzai/reference_parser/vulnerability_parser.rb b/lib/banzai/reference_parser/vulnerability_parser.rb
new file mode 100644
index 00000000000..143f2605927
--- /dev/null
+++ b/lib/banzai/reference_parser/vulnerability_parser.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Banzai
+  module ReferenceParser
+    # The actual parser is implemented in the EE mixin
+    class VulnerabilityParser < IssuableParser
+      self.reference_type = :vulnerability
+
+      def records_for_nodes(_nodes)
+        {}
+      end
+    end
+  end
+end
+
+Banzai::ReferenceParser::VulnerabilityParser.prepend_if_ee('::EE::Banzai::ReferenceParser::VulnerabilityParser')