Commit ac73df36 authored by Phil Hughes's avatar Phil Hughes

Correctly escape special characters in Vue file listing routes

Closes https://gitlab.com/gitlab-org/gitlab/issues/202123
parent 0f29bc50
...@@ -45,7 +45,7 @@ export default { ...@@ -45,7 +45,7 @@ export default {
currentPath: { currentPath: {
type: String, type: String,
required: false, required: false,
default: '/', default: '',
}, },
canCollaborate: { canCollaborate: {
type: Boolean, type: Boolean,
...@@ -107,7 +107,7 @@ export default { ...@@ -107,7 +107,7 @@ export default {
return acc.concat({ return acc.concat({
name, name,
path, path,
to: `/-/tree/${escape(this.ref)}${path}`, to: `/-/tree/${escape(this.ref)}${escape(path)}`,
}); });
}, },
[ [
...@@ -133,7 +133,7 @@ export default { ...@@ -133,7 +133,7 @@ export default {
}, },
{ {
attrs: { attrs: {
href: `${this.newBlobPath}${this.currentPath}`, href: `${this.newBlobPath}/${this.currentPath ? escape(this.currentPath) : ''}`,
class: 'qa-new-file-option', class: 'qa-new-file-option',
}, },
text: __('New file'), text: __('New file'),
......
...@@ -28,7 +28,7 @@ export default { ...@@ -28,7 +28,7 @@ export default {
return splitArray.join('/'); return splitArray.join('/');
}, },
parentRoute() { parentRoute() {
return { path: `/-/tree/${escape(this.commitRef)}/${this.parentPath}` }; return { path: `/-/tree/${escape(this.commitRef)}/${escape(this.parentPath)}` };
}, },
}, },
methods: { methods: {
......
...@@ -90,7 +90,7 @@ export default { ...@@ -90,7 +90,7 @@ export default {
}, },
computed: { computed: {
routerLinkTo() { routerLinkTo() {
return this.isFolder ? { path: `/-/tree/${escape(this.ref)}/${this.path}` } : null; return this.isFolder ? { path: `/-/tree/${escape(this.ref)}/${escape(this.path)}` } : null;
}, },
iconName() { iconName() {
return `fa-${getIconName(this.type, this.path)}`; return `fa-${getIconName(this.type, this.path)}`;
......
...@@ -100,7 +100,7 @@ export default function setupVueRepositoryList() { ...@@ -100,7 +100,7 @@ export default function setupVueRepositoryList() {
render(h) { render(h) {
return h(TreeActionLink, { return h(TreeActionLink, {
props: { props: {
path: `${historyLink}/${this.$route.params.path || ''}`, path: `${historyLink}/${this.$route.params.path ? escape(this.$route.params.path) : ''}`,
text: __('History'), text: __('History'),
}, },
}); });
......
...@@ -27,9 +27,8 @@ export function fetchLogsTree(client, path, offset, resolver = null) { ...@@ -27,9 +27,8 @@ export function fetchLogsTree(client, path, offset, resolver = null) {
fetchpromise = axios fetchpromise = axios
.get( .get(
`${gon.relative_url_root}/${projectPath}/-/refs/${escape(ref)}/logs_tree/${path.replace( `${gon.relative_url_root}/${projectPath}/-/refs/${escape(ref)}/logs_tree/${escape(
/^\//, path.replace(/^\//, ''),
'',
)}`, )}`,
{ {
params: { format: 'json', offset }, params: { format: 'json', offset },
......
...@@ -33,6 +33,17 @@ describe('Repository breadcrumbs component', () => { ...@@ -33,6 +33,17 @@ describe('Repository breadcrumbs component', () => {
expect(vm.findAll(RouterLinkStub).length).toEqual(linkCount); expect(vm.findAll(RouterLinkStub).length).toEqual(linkCount);
}); });
it('escapes hash in directory path', () => {
factory('app/assets/javascripts#');
expect(
vm
.findAll(RouterLinkStub)
.at(3)
.props('to'),
).toEqual('/-/tree//app/assets/javascripts%23');
});
it('renders last link as active', () => { it('renders last link as active', () => {
factory('app/assets'); factory('app/assets');
......
...@@ -31,9 +31,10 @@ describe('Repository parent row component', () => { ...@@ -31,9 +31,10 @@ describe('Repository parent row component', () => {
}); });
it.each` it.each`
path | to path | to
${'app'} | ${'/-/tree/master/'} ${'app'} | ${'/-/tree/master/'}
${'app/assets'} | ${'/-/tree/master/app'} ${'app/assets'} | ${'/-/tree/master/app'}
${'app/assets#/test'} | ${'/-/tree/master/app/assets%23'}
`('renders link in $path to $to', ({ path, to }) => { `('renders link in $path to $to', ({ path, to }) => {
factory(path); factory(path);
......
...@@ -95,6 +95,22 @@ describe('Repository table row component', () => { ...@@ -95,6 +95,22 @@ describe('Repository table row component', () => {
}); });
}); });
it('pushes new route for directory with hash', () => {
factory({
id: '1',
sha: '123',
path: 'test#',
type: 'tree',
currentPath: '/',
});
return vm.vm.$nextTick().then(() => {
vm.trigger('click');
expect($router.push).toHaveBeenCalledWith({ path: '/-/tree/master/test%23' });
});
});
it.each` it.each`
type | pushes type | pushes
${'tree'} | ${true} ${'tree'} | ${true}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment