Commit 38270f9a authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot

Merge branch 'security-wiki-rdoc-content' into 'master'

Pass all wiki markup formats through our Banzai pipeline filters

See merge request gitlab/gitlab-ee!1351
parents 9b95e36d 284a7fe8
...@@ -133,15 +133,7 @@ module MarkupHelper ...@@ -133,15 +133,7 @@ module MarkupHelper
issuable_state_filter_enabled: true issuable_state_filter_enabled: true
) )
html = html = markup_unsafe(wiki_page.path, text, context)
case wiki_page.format
when :markdown
markdown_unsafe(text, context)
when :asciidoc
asciidoc_unsafe(text)
else
wiki_page.formatted_content.html_safe
end
prepare_for_rendering(html, context) prepare_for_rendering(html, context)
end end
......
...@@ -121,6 +121,12 @@ class WikiPage ...@@ -121,6 +121,12 @@ class WikiPage
@version ||= @page.version @version ||= @page.version
end end
def path
return unless persisted?
@path ||= @page.path
end
def versions(options = {}) def versions(options = {})
return [] unless persisted? return [] unless persisted?
......
---
title: Sanitize all wiki markup formats with GitLab sanitization pipelines
merge_request:
author:
type: security
...@@ -10,7 +10,7 @@ module Gitlab ...@@ -10,7 +10,7 @@ module Gitlab
def self.render(file_name, input, context) def self.render(file_name, input, context)
html = GitHub::Markup.render(file_name, input) html = GitHub::Markup.render(file_name, input)
.force_encoding(input.encoding) .force_encoding(input.encoding)
context[:pipeline] = :markup context[:pipeline] ||= :markup
html = Banzai.render(html, context) html = Banzai.render(html, context)
......
...@@ -3,18 +3,18 @@ ...@@ -3,18 +3,18 @@
require 'spec_helper' require 'spec_helper'
describe MarkupHelper do describe MarkupHelper do
let!(:project) { create(:project, :repository) } set(:project) { create(:project, :repository) }
set(:user) do
let(:user) { create(:user, username: 'gfm') } user = create(:user, username: 'gfm')
let(:commit) { project.commit }
let(:issue) { create(:issue, project: project) }
let(:merge_request) { create(:merge_request, source_project: project, target_project: project) }
let(:snippet) { create(:project_snippet, project: project) }
before do
# Ensure the generated reference links aren't redacted
project.add_maintainer(user) project.add_maintainer(user)
user
end
set(:issue) { create(:issue, project: project) }
set(:merge_request) { create(:merge_request, source_project: project, target_project: project) }
set(:snippet) { create(:project_snippet, project: project) }
let(:commit) { project.commit }
before do
# Helper expects a @project instance variable # Helper expects a @project instance variable
helper.instance_variable_set(:@project, project) helper.instance_variable_set(:@project, project)
...@@ -44,8 +44,8 @@ describe MarkupHelper do ...@@ -44,8 +44,8 @@ describe MarkupHelper do
describe "override default project" do describe "override default project" do
let(:actual) { issue.to_reference } let(:actual) { issue.to_reference }
let(:second_project) { create(:project, :public) } set(:second_project) { create(:project, :public) }
let(:second_issue) { create(:issue, project: second_project) } set(:second_issue) { create(:issue, project: second_project) }
it 'links to the issue' do it 'links to the issue' do
expected = urls.project_issue_path(second_project, second_issue) expected = urls.project_issue_path(second_project, second_issue)
...@@ -55,7 +55,7 @@ describe MarkupHelper do ...@@ -55,7 +55,7 @@ describe MarkupHelper do
describe 'uploads' do describe 'uploads' do
let(:text) { "![ImageTest](/uploads/test.png)" } let(:text) { "![ImageTest](/uploads/test.png)" }
let(:group) { create(:group) } set(:group) { create(:group) }
subject { helper.markdown(text) } subject { helper.markdown(text) }
...@@ -77,7 +77,7 @@ describe MarkupHelper do ...@@ -77,7 +77,7 @@ describe MarkupHelper do
end end
describe "with a group in the context" do describe "with a group in the context" do
let(:project_in_group) { create(:project, group: group) } set(:project_in_group) { create(:project, group: group) }
before do before do
helper.instance_variable_set(:@group, group) helper.instance_variable_set(:@group, group)
...@@ -235,38 +235,48 @@ describe MarkupHelper do ...@@ -235,38 +235,48 @@ describe MarkupHelper do
end end
describe '#render_wiki_content' do describe '#render_wiki_content' do
let(:wiki) { double('WikiPage', path: "file.#{extension}") }
let(:context) do
{
pipeline: :wiki, project: project, project_wiki: wiki,
page_slug: 'nested/page', issuable_state_filter_enabled: true
}
end
before do before do
@wiki = double('WikiPage') expect(wiki).to receive(:content).and_return('wiki content')
allow(@wiki).to receive(:content).and_return('wiki content') expect(wiki).to receive(:slug).and_return('nested/page')
allow(@wiki).to receive(:slug).and_return('nested/page') helper.instance_variable_set(:@project_wiki, wiki)
helper.instance_variable_set(:@project_wiki, @wiki)
end end
it "uses Wiki pipeline for markdown files" do context 'when file is Markdown' do
allow(@wiki).to receive(:format).and_return(:markdown) let(:extension) { 'md' }
expect(helper).to receive(:markdown_unsafe).with('wiki content', it 'renders using #markdown_unsafe helper method' do
pipeline: :wiki, project: project, project_wiki: @wiki, page_slug: "nested/page", expect(helper).to receive(:markdown_unsafe).with('wiki content', context)
issuable_state_filter_enabled: true)
helper.render_wiki_content(@wiki) helper.render_wiki_content(wiki)
end
end end
it "uses Asciidoctor for asciidoc files" do context 'when file is Asciidoc' do
allow(@wiki).to receive(:format).and_return(:asciidoc) let(:extension) { 'adoc' }
expect(helper).to receive(:asciidoc_unsafe).with('wiki content') it 'renders using Gitlab::Asciidoc' do
expect(Gitlab::Asciidoc).to receive(:render)
helper.render_wiki_content(@wiki) helper.render_wiki_content(wiki)
end
end end
it "uses the Gollum renderer for all other file types" do context 'any other format' do
allow(@wiki).to receive(:format).and_return(:rdoc) let(:extension) { 'foo' }
formatted_content_stub = double('formatted_content')
expect(formatted_content_stub).to receive(:html_safe)
allow(@wiki).to receive(:formatted_content).and_return(formatted_content_stub)
helper.render_wiki_content(@wiki) it 'renders all other formats using Gitlab::OtherMarkup' do
expect(Gitlab::OtherMarkup).to receive(:render)
helper.render_wiki_content(wiki)
end
end end
end end
......
...@@ -358,6 +358,23 @@ describe WikiPage do ...@@ -358,6 +358,23 @@ describe WikiPage do
end end
end end
describe '#path' do
let(:path) { 'mypath.md' }
let(:wiki_page) { instance_double('Gitlab::Git::WikiPage', path: path).as_null_object }
it 'returns the path when persisted' do
page = described_class.new(wiki, wiki_page, true)
expect(page.path).to eq(path)
end
it 'returns nil when not persisted' do
page = described_class.new(wiki, wiki_page, false)
expect(page.path).to be_nil
end
end
describe '#directory' do describe '#directory' do
context 'when the page is at the root directory' do context 'when the page is at the root directory' do
it 'returns an empty string' do it 'returns an empty string' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment