From 7b1c7e980459210bea3f967cbc6b1c797c1ff658 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Fri, 29 Apr 2022 08:18:56 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@14-10-stable-ee

---
 lib/gitlab/ci/pipeline/chain/helpers.rb            | 11 +++++++----
 lib/gitlab/ci/pipeline/chain/validate/abilities.rb |  2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)

(limited to 'lib/gitlab/ci/pipeline')

diff --git a/lib/gitlab/ci/pipeline/chain/helpers.rb b/lib/gitlab/ci/pipeline/chain/helpers.rb
index 09158bf8bfd..343a189f773 100644
--- a/lib/gitlab/ci/pipeline/chain/helpers.rb
+++ b/lib/gitlab/ci/pipeline/chain/helpers.rb
@@ -6,25 +6,28 @@ module Gitlab
       module Chain
         module Helpers
           def error(message, config_error: false, drop_reason: nil)
+            sanitized_message = ActionController::Base.helpers.sanitize(message, tags: [])
+
             if config_error
               drop_reason = :config_error
-              pipeline.yaml_errors = message
+              pipeline.yaml_errors = sanitized_message
             end
 
-            pipeline.add_error_message(message)
+            pipeline.add_error_message(sanitized_message)
 
             drop_pipeline!(drop_reason)
 
             # TODO: consider not to rely on AR errors directly as they can be
             # polluted with other unrelated errors (e.g. state machine)
             # https://gitlab.com/gitlab-org/gitlab/-/issues/220823
-            pipeline.errors.add(:base, message)
+            pipeline.errors.add(:base, sanitized_message)
 
             pipeline.errors.full_messages
           end
 
           def warning(message)
-            pipeline.add_warning_message(message)
+            sanitized_message = ActionController::Base.helpers.sanitize(message, tags: [])
+            pipeline.add_warning_message(sanitized_message)
           end
 
           private
diff --git a/lib/gitlab/ci/pipeline/chain/validate/abilities.rb b/lib/gitlab/ci/pipeline/chain/validate/abilities.rb
index 1c1f7abb6f6..035167f1a74 100644
--- a/lib/gitlab/ci/pipeline/chain/validate/abilities.rb
+++ b/lib/gitlab/ci/pipeline/chain/validate/abilities.rb
@@ -23,7 +23,7 @@ module Gitlab
               end
 
               unless allowed_to_write_ref?
-                error("You do not have sufficient permission to run a pipeline on '#{command.ref}'. Please select a different branch or contact your administrator for assistance. <a href=https://docs.gitlab.com/ee/ci/pipelines/#pipeline-security-on-protected-branches>Learn more</a>".html_safe)
+                error("You do not have sufficient permission to run a pipeline on '#{command.ref}'. Please select a different branch or contact your administrator for assistance.")
               end
             end
 
-- 
cgit v1.2.3