Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
46696bde
Commit
46696bde
authored
Jun 15, 2016
by
Paco Guzman
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Banzai::Filter::UploadLinkFilter use XPath
parent
1b43f51a
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
22 additions
and
10 deletions
+22
-10
CHANGELOG
CHANGELOG
+1
-0
lib/banzai/filter/upload_link_filter.rb
lib/banzai/filter/upload_link_filter.rb
+3
-8
spec/lib/banzai/filter/upload_link_filter_spec.rb
spec/lib/banzai/filter/upload_link_filter_spec.rb
+18
-2
No files found.
CHANGELOG
View file @
46696bde
...
...
@@ -118,6 +118,7 @@ v 8.8.5
- Prevent unauthorized access for projects build traces
- Forbid scripting for wiki files
- Only show notes through JSON on confidential issues that the user has access to
- Banzai::Filter::UploadLinkFilter use XPath instead CSS expressions
v 8.8.4
- Fix LDAP-based login for users with 2FA enabled. !4493
...
...
lib/banzai/filter/upload_link_filter.rb
View file @
46696bde
...
...
@@ -10,11 +10,11 @@ module Banzai
def
call
return
doc
unless
project
doc
.
search
(
'a
'
).
each
do
|
el
|
doc
.
xpath
(
'descendant-or-self::a[starts-with(@href, "/uploads/")]
'
).
each
do
|
el
|
process_link_attr
el
.
attribute
(
'href'
)
end
doc
.
search
(
'img
'
).
each
do
|
el
|
doc
.
xpath
(
'descendant-or-self::img[starts-with(@src, "/uploads/")]
'
).
each
do
|
el
|
process_link_attr
el
.
attribute
(
'src'
)
end
...
...
@@ -24,12 +24,7 @@ module Banzai
protected
def
process_link_attr
(
html_attr
)
return
if
html_attr
.
blank?
uri
=
html_attr
.
value
if
uri
.
starts_with?
(
"/uploads/"
)
html_attr
.
value
=
build_url
(
uri
).
to_s
end
html_attr
.
value
=
build_url
(
html_attr
.
value
).
to_s
end
def
build_url
(
uri
)
...
...
spec/lib/banzai/filter/upload_link_filter_spec.rb
View file @
46696bde
...
...
@@ -23,6 +23,14 @@ describe Banzai::Filter::UploadLinkFilter, lib: true do
%(<a href="#{path}">#{path}</a>)
end
def
nested_image
(
path
)
%(<div><img src="#{path}" /></div>)
end
def
nested_link
(
path
)
%(<div><a href="#{path}">#{path}</a></div>)
end
let
(
:project
)
{
create
(
:project
)
}
shared_examples
:preserve_unchanged
do
...
...
@@ -47,11 +55,19 @@ describe Banzai::Filter::UploadLinkFilter, lib: true do
doc
=
filter
(
link
(
'/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'
))
expect
(
doc
.
at_css
(
'a'
)[
'href'
]).
to
eq
"
#{
Gitlab
.
config
.
gitlab
.
url
}
/
#{
project
.
path_with_namespace
}
/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
doc
=
filter
(
nested_link
(
'/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'
))
expect
(
doc
.
at_css
(
'a'
)[
'href'
]).
to
eq
"
#{
Gitlab
.
config
.
gitlab
.
url
}
/
#{
project
.
path_with_namespace
}
/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
end
it
'rebuilds relative URL for an image'
do
doc
=
filter
(
link
(
'/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'
))
expect
(
doc
.
at_css
(
'a'
)[
'href'
]).
doc
=
filter
(
image
(
'/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'
))
expect
(
doc
.
at_css
(
'img'
)[
'src'
]).
to
eq
"
#{
Gitlab
.
config
.
gitlab
.
url
}
/
#{
project
.
path_with_namespace
}
/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
doc
=
filter
(
nested_image
(
'/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'
))
expect
(
doc
.
at_css
(
'img'
)[
'src'
]).
to
eq
"
#{
Gitlab
.
config
.
gitlab
.
url
}
/
#{
project
.
path_with_namespace
}
/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment