Commit dc45d724 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Merge branch '12769-milestone-blank-name-causes-issues' into 'master'

Ensure milestone titles are never empty

See merge request gitlab-org/gitlab!19985
parents 6c0dea86 1bbdbd6d
......@@ -60,6 +60,7 @@ class Milestone < ApplicationRecord
validates :group, presence: true, unless: :project
validates :project, presence: true, unless: :group
validates :title, presence: true
validate :uniqueness_of_title, if: :title_changed?
validate :milestone_type_check
......
---
title: Ensure milestone titles are never empty
merge_request: 19985
author:
type: fixed
# frozen_string_literal: true
class EnsureNoEmptyMilestoneTitles < ActiveRecord::Migration[5.2]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def up
loop do
rows_updated = exec_update <<~SQL
UPDATE milestones SET title = '%BLANK' WHERE id IN (SELECT id FROM milestones WHERE title = '' LIMIT 500)
SQL
break if rows_updated < 500
end
end
def down; end
end
......@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2019_11_12_221821) do
ActiveRecord::Schema.define(version: 2019_11_12_232338) do
# These are extensions that must be enabled in order to support this database
enable_extension "pg_trgm"
......
......@@ -55,6 +55,17 @@ describe Milestone do
end
end
describe 'title' do
it { is_expected.to validate_presence_of(:title) }
it 'is invalid if title would be empty after sanitation' do
milestone = build(:milestone, project: project, title: '<img src=x onerror=prompt(1)>')
expect(milestone).not_to be_valid
expect(milestone.errors[:title]).to include("can't be blank")
end
end
describe 'milestone_releases' do
let(:milestone) { build(:milestone, project: project) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment