Fix errors deleting and creating branches with encoded slashes

Closes #1804

CHANGELOG

 Please view this file on the master branch, on stable branches it's out of date.
 
 v 7.14.0 (unreleased)
+  - Fix errors deleting and creating branches with encoded slashes (Stan Hu)
   - Fix multi-line syntax highlighting (Stan Hu)
   - Fix network graph when branch name has single quotes (Stan Hu)
   - Upgrade gitlab_git to version 7.2.6 to fix Error 500 when creating network graphs (Stan Hu)

app/controllers/projects/branches_controller.rb

@@ -17,7 +17,9 @@ class Projects::BranchesController < Projects::ApplicationController
 
   def create
     branch_name = sanitize(strip_tags(params[:branch_name]))
+    branch_name = Addressable::URI.unescape(branch_name)
     ref = sanitize(strip_tags(params[:ref]))
+    ref = Addressable::URI.unescape(ref)
     result = CreateBranchService.new(project, current_user).
         execute(branch_name, ref)
 
@@ -32,9 +34,8 @@ class Projects::BranchesController < Projects::ApplicationController
   end
 
   def destroy
-    status = DeleteBranchService.new(project, current_user).execute(params[:id])
-    @branch_name = params[:id]
-
+    @branch_name = Addressable::URI.unescape(params[:id])
+    status = DeleteBranchService.new(project, current_user).execute(@branch_name)
     respond_to do |format|
       format.html do
         redirect_to namespace_project_branches_path(@project.namespace,

spec/controllers/branches_controller_spec.rb

@@ -54,6 +54,13 @@ describe Projects::BranchesController do
       let(:ref) { "<script>alert('ref');</script>" }
       it { is_expected.to render_template('new') }
     end
+
+    context "valid branch name with encoded slashes" do
+      let(:branch) { "feature%2Ftest" }
+      let(:ref) { "<script>alert('ref');</script>" }
+      it { is_expected.to render_template('new') }
+      it { project.repository.branch_names.include?('feature/test')}
+    end
   end
 
   describe "POST destroy" do
@@ -74,6 +81,19 @@ describe Projects::BranchesController do
       it { expect(subject).to render_template('destroy') }
     end
 
+    context "valid branch name with unencoded slashes" do
+      let(:branch) { "improve/awesome" }
+
+      it { expect(response.status).to eq(200) }
+      it { expect(subject).to render_template('destroy') }
+    end
+
+    context "valid branch name with encoded slashes" do
+      let(:branch) { "improve%2Fawesome" }
+
+      it { expect(response.status).to eq(200) }
+      it { expect(subject).to render_template('destroy') }
+    end
     context "invalid branch name, valid ref" do
       let(:branch) { "no-branch" }