
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-01-03 00:07:38 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-01-03 00:07:38 +0300
commit9d54184f308893338967b18874dedebf38acf89e (patch)
tree100e32c6d4b34deac52d9e98a083361d89804b50 /lib
parentd5b5f5e6e1474d5526add9033c9754b8e395841f (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
-rw-r--r--lib/api/entities.rb6
-rw-r--r--lib/banzai/filter/relative_link_filter.rb12
2 files changed, 14 insertions, 4 deletions
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index a86fb44caa1..0240fc1539f 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -1363,7 +1363,7 @@ module API
expose :author, using: Entities::UserBasic, if: -> (release, _) { release.author.present? }
expose :commit, using: Entities::Commit, if: ->(_, _) { can_download_code? }
expose :upcoming_release?, as: :upcoming_release
- expose :milestones, using: Entities::Milestone, if: -> (release, _) { release.milestones.present? }
+ expose :milestones, using: Entities::Milestone, if: -> (release, _) { release.milestones.present? && can_read_milestone? }
expose :commit_path, expose_nil: false
expose :tag_path, expose_nil: false
expose :evidence_sha, expose_nil: false, if: ->(_, _) { can_download_code? }
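Review bot: In the `:milestones` condition the permission check runs second, so `release.milestones.present?` is still evaluated (presumably loading the association) for a caller who is not allowed to read milestones. Putting the authorisation first makes the gate the first thing a reader sees and skips the lookup on denial: `if: ->(release, _) { can_read_milestone? && release.milestones.present? }`. The lambda spacing also differs between `-> (release, _)` here and `->(_, _)` on the neighbouring lines, and one form would be tidier. The check is made against `object.project` in the helper added in the next hunk; if a release can ever carry milestones from outside its own project, that would need a per-milestone check, which cannot be confirmed from the lines shown.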
@@ -1389,6 +1389,10 @@ module API
def can_download_code?
Ability.allowed?(options[:current_user], :download_code, object.project)
end
+
+ def can_read_milestone?
+ Ability.allowed?(options[:current_user], :read_milestone, object.project)
+ end
end
class Tag < Grape::Entity
diff --git a/lib/banzai/filter/relative_link_filter.rb b/lib/banzai/filter/relative_link_filter.rb
index 583b0081319..4f257189f8e 100644
--- a/lib/banzai/filter/relative_link_filter.rb
+++ b/lib/banzai/filter/relative_link_filter.rb
@@ -116,7 +116,7 @@ module Banzai
end
def process_link_to_upload_attr(html_attr)
- path_parts = [Addressable::URI.unescape(html_attr.value)]
+ path_parts = [unescape_and_scrub_uri(html_attr.value)]
if project
path_parts.unshift(relative_url_root, project.full_path)
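Review bot: `process_link_to_upload_attr` now scrubs invalid byte sequences but, unlike `cleaned_file_path`, still lets a decoded NUL (`%00`) through, and `request_path` in a later hunk is in the same position. Since all three callers now share `unescape_and_scrub_uri`, stripping the NUL there would give them one normalisation: `Addressable::URI.unescape(uri).scrub.delete("\0")`, with `cleaned_file_path` reduced to `unescape_and_scrub_uri(uri.path).chomp("/")`. How `path_parts` is joined afterwards is outside this hunk, so whether a NUL can cause an error or a mismatch there is an assumption to confirm. The method body continues past the end of the hunk.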
@@ -172,7 +172,7 @@ module Banzai
end
def cleaned_file_path(uri)
- Addressable::URI.unescape(uri.path).scrub.delete("\0").chomp("/")
+ unescape_and_scrub_uri(uri.path).delete("\0").chomp("/")
end
def relative_file_path(uri)
@@ -184,7 +184,7 @@ module Banzai
def request_path
return unless context[:requested_path]
- Addressable::URI.unescape(context[:requested_path]).chomp("/")
+ unescape_and_scrub_uri(context[:requested_path]).chomp("/")
end
# Convert a relative path into its correct location based on the currently
@@ -266,6 +266,12 @@ module Banzai
def repository
@repository ||= project&.repository
end
+
+ private
+
+ def unescape_and_scrub_uri(uri)
+ Addressable::URI.unescape(uri).scrub
+ end
end
end
end
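Review bot: `unescape_and_scrub_uri` calls `.scrub` on whatever `Addressable::URI.unescape` returns, and as far as I know that method returns nil for a nil argument, so a nil input now raises NoMethodError where `process_link_to_upload_attr` previously passed nil along. `request_path` guards against this; the other callers depend on `html_attr.value` and `uri.path` always being strings. Either `Addressable::URI.unescape(uri)&.scrub` or a one-line comment stating the non-nil precondition would settle it. A short comment on why scrubbing is needed would also help the next reader, e.g. `# Percent-decoding can produce invalid UTF-8; scrub replaces those bytes.`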