Commit a8983684 authored by Mike Greiling's avatar Mike Greiling

Merge branch '31662-fix-excessive-find-file-escaping' into 'master'

Resolve "Too-eager urlencoding for find files links"

See merge request gitlab-org/gitlab!21861
parents 8d870a74 6a34da1c
...@@ -4,6 +4,7 @@ import $ from 'jquery'; ...@@ -4,6 +4,7 @@ import $ from 'jquery';
import fuzzaldrinPlus from 'fuzzaldrin-plus'; import fuzzaldrinPlus from 'fuzzaldrin-plus';
import sanitize from 'sanitize-html'; import sanitize from 'sanitize-html';
import axios from '~/lib/utils/axios_utils'; import axios from '~/lib/utils/axios_utils';
import { joinPaths, escapeFileUrl } from '~/lib/utils/url_utility';
import flash from '~/flash'; import flash from '~/flash';
import { __ } from '~/locale'; import { __ } from '~/locale';
...@@ -116,7 +117,7 @@ export default class ProjectFindFile { ...@@ -116,7 +117,7 @@ export default class ProjectFindFile {
if (searchText) { if (searchText) {
matches = fuzzaldrinPlus.match(filePath, searchText); matches = fuzzaldrinPlus.match(filePath, searchText);
} }
const blobItemUrl = `${this.options.blobUrlTemplate}/${encodeURIComponent(filePath)}`; const blobItemUrl = joinPaths(this.options.blobUrlTemplate, escapeFileUrl(filePath));
const html = ProjectFindFile.makeHtml(filePath, matches, blobItemUrl); const html = ProjectFindFile.makeHtml(filePath, matches, blobItemUrl);
results.push(this.element.find('.tree-table > tbody').append(html)); results.push(this.element.find('.tree-table > tbody').append(html));
} }
......
---
title: Fix project file finder url encoding file path separators
merge_request: 21861
author:
type: fixed
...@@ -42,21 +42,23 @@ describe('ProjectFindFile', () => { ...@@ -42,21 +42,23 @@ describe('ProjectFindFile', () => {
})); }));
const files = [ const files = [
'fileA.txt', { path: 'fileA.txt', escaped: 'fileA.txt' },
'fileB.txt', { path: 'fileB.txt', escaped: 'fileB.txt' },
'fi#leC.txt', { path: 'fi#leC.txt', escaped: 'fi%23leC.txt' },
'folderA/fileD.txt', { path: 'folderA/fileD.txt', escaped: 'folderA/fileD.txt' },
'folder#B/fileE.txt', { path: 'folder#B/fileE.txt', escaped: 'folder%23B/fileE.txt' },
'folde?rC/fil#F.txt', { path: 'folde?rC/fil#F.txt', escaped: 'folde%3FrC/fil%23F.txt' },
]; ];
beforeEach(() => { beforeEach(done => {
// Create a mock adapter for stubbing axios API requests // Create a mock adapter for stubbing axios API requests
mock = new MockAdapter(axios); mock = new MockAdapter(axios);
element = $(TEMPLATE); element = $(TEMPLATE);
mock.onGet(FILE_FIND_URL).replyOnce(200, files); mock.onGet(FILE_FIND_URL).replyOnce(200, files.map(x => x.path));
getProjectFindFileInstance(); // This triggers a load / axios call + subsequent render in the constructor getProjectFindFileInstance(); // This triggers a load / axios call + subsequent render in the constructor
setImmediate(done);
}); });
afterEach(() => { afterEach(() => {
...@@ -65,26 +67,19 @@ describe('ProjectFindFile', () => { ...@@ -65,26 +67,19 @@ describe('ProjectFindFile', () => {
sanitize.mockClear(); sanitize.mockClear();
}); });
it('loads and renders elements from remote server', done => { it('loads and renders elements from remote server', () => {
setImmediate(() => { expect(findFiles()).toEqual(
expect(findFiles()).toEqual( files.map(({ path, escaped }) => ({
files.map(text => ({ text: path,
text, href: `${BLOB_URL_TEMPLATE}/${escaped}`,
href: `${BLOB_URL_TEMPLATE}/${encodeURIComponent(text)}`, })),
})), );
);
done();
});
}); });
it('sanitizes search text', done => { it('sanitizes search text', () => {
const searchText = element.find('.file-finder-input').val(); const searchText = element.find('.file-finder-input').val();
setImmediate(() => { expect(sanitize).toHaveBeenCalledTimes(1);
expect(sanitize).toHaveBeenCalledTimes(1); expect(sanitize).toHaveBeenCalledWith(searchText);
expect(sanitize).toHaveBeenCalledWith(searchText);
done();
});
}); });
}); });
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment