delta/gitlab/gitlab-ce.git/spec/lib/banzai, branch scripts-differences gitlab.com: gitlab-org/gitlab-ce.git Initial commit of WIP code for consideration 2019-08-07T15:13:13+00:00 Kerri Miller kerrizor@kerrizor.com 2019-08-07T15:13:13+00:00 336d3ccc65d522633162b1f6b5fc54591c588221 Squash this commit and reword before merging.. 
Squash this commit and reword before merging..
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq 2019-07-29T18:19:50+00:00 Robert Speicher rspeicher@gmail.com 2019-07-29T18:19:50+00:00 fe22704a203111ab2146143a4ff9d2e1256aecc7 






Fix whitespace in wiki link filtering specs
2019-07-29T11:54:16+00:00

Yorick Peterse
yorickpeterse@gmail.com

2019-07-25T14:55:32+00:00

701b6fce64f3dd31e2050da09b1f9fdb35706904

This ensures this spec is the same in both CE and EE.





This ensures this spec is the same in both CE and EE.







Merge branch 'frozen_string_spec_lib' into 'master'
2019-07-26T20:37:26+00:00

Stan Hu
stanhu@gmail.com

2019-07-26T20:37:26+00:00

ef3e6785a2ac1ac1a950c30184f31e2f96ac45c4

Add frozen_string_literal to spec/lib (part 1)

See merge request gitlab-org/gitlab-ce!31130




Add frozen_string_literal to spec/lib (part 1)

See merge request gitlab-org/gitlab-ce!31130






Extract SanitizeNodeLink and apply to WikiLinkFilter
2019-07-26T13:41:11+00:00

Kerri Miller
kerrizor@kerrizor.com

2019-07-26T13:41:11+00:00

acc694ead6f8a7428efab126aa6b8a29b132db43

The SanitizationFilter was running before the WikiFilter. Since
WikiFilter can modify links, we could see links that _should_ be stopped
by SanatizationFilter being rendered on the page. I (kerrizor) had
previously addressed the bug in: https://gitlab.com/gitlab-org/gitlab-ee/commit/7bc971915bbeadb950bb0e1f13510bf3038229a4
However, an additional exploit was discovered after that was merged.
Working through the issue, we couldn't simply shuffle the order of
filters, due to some implicit assumptions about the order of filters, so
instead we've extracted the logic that sanitizes a Nokogiri-generated
Node object, and applied it to the WikiLinkFilter as well.

On moving filters around:
Once we start moving around filters, we get cascading failures; fix one,
another one crops up. Many of the existing filters in the WikiPipeline
chain seem to assume that other filters have already done their work,
and thus operate on a "transform anything that's left" basis;
WikiFilter, for instance, assumes any link it finds in the markdown
should be prepended with the wiki_base_path.. but if it does that, it
also turns `href="@user"` into `href="/path/to/wiki/@user"`, which the
UserReferenceFilter doesn't see as a user reference it needs to
transform into a user profile link. This is true for all the reference
filters in the WikiPipeline.





The SanitizationFilter was running before the WikiFilter. Since
WikiFilter can modify links, we could see links that _should_ be stopped
by SanatizationFilter being rendered on the page. I (kerrizor) had
previously addressed the bug in: https://gitlab.com/gitlab-org/gitlab-ee/commit/7bc971915bbeadb950bb0e1f13510bf3038229a4
However, an additional exploit was discovered after that was merged.
Working through the issue, we couldn't simply shuffle the order of
filters, due to some implicit assumptions about the order of filters, so
instead we've extracted the logic that sanitizes a Nokogiri-generated
Node object, and applied it to the WikiLinkFilter as well.

On moving filters around:
Once we start moving around filters, we get cascading failures; fix one,
another one crops up. Many of the existing filters in the WikiPipeline
chain seem to assume that other filters have already done their work,
and thus operate on a "transform anything that's left" basis;
WikiFilter, for instance, assumes any link it finds in the markdown
should be prepended with the wiki_base_path.. but if it does that, it
also turns `href="@user"` into `href="/path/to/wiki/@user"`, which the
UserReferenceFilter doesn't see as a user reference it needs to
transform into a user profile link. This is true for all the reference
filters in the WikiPipeline.







Fix cannot modify frozen string
2019-07-26T01:25:07+00:00

Thong Kuah
tkuah@gitlab.com

2019-07-25T10:17:26+00:00

d9db8d85b321a64d2f0b3108d40e66968218835a

Note that Performance/UnfreezeString recommends unary plus over
"".dup, but unary plus has lower precedence so we have to use
parenthesis





Note that Performance/UnfreezeString recommends unary plus over
"".dup, but unary plus has lower precedence so we have to use
parenthesis







Add frozen_string_literal to spec/lib (part 1)
2019-07-26T01:25:07+00:00

Thong Kuah
tkuah@gitlab.com

2019-07-25T05:21:37+00:00

f540ffcef6a278b3465dec43b99a6baaf51eeb51

Using the sed script from
https://gitlab.com/gitlab-org/gitlab-ce/issues/59758





Using the sed script from
https://gitlab.com/gitlab-org/gitlab-ce/issues/59758







Remove code related to object hierarchy in MySQL
2019-07-25T07:35:06+00:00

Heinrich Lee Yu
heinrich@gitlab.com

2019-07-24T09:20:54+00:00

1ce5bcacdbf56682e05fa63875203bf4d10584bc

These are not required because MySQL is not
supported anymore





These are not required because MySQL is not
supported anymore







Rename Redactor classes to ReferenceRedactor
2019-07-16T20:19:08+00:00

Sarah Yasonik
syasonik@gitlab.com

2019-07-16T20:19:08+00:00

cea7ba513c6d623ef921fba07910e98cca71435b












Simplify factories for services
2019-07-16T08:04:54+00:00

Jarka Košanová
jarka@gitlab.com

2019-07-11T09:53:08+00:00

c8e24280c55b5678bc2c01435ab26781bbbb6cd2

- use predefined factories when creating
projects with services
- remove unnecessary arguments





- use predefined factories when creating
projects with services
- remove unnecessary arguments