diff options
author | Douwe Maan <douwe@gitlab.com> | 2018-01-19 08:44:55 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2018-01-19 08:44:55 +0000 |
commit | 812413863bec3b1f5f3fcf8a8b71906fe5ca2949 (patch) | |
tree | 3fc7001847e8a02a1294010e65f03bc2a4be3636 | |
parent | a1c0964d7170a98214c37e1a45ce8223c83a33f5 (diff) | |
parent | 3b0235318ef1fd39311910da7eb1893a4d3ae312 (diff) | |
download | gitlab-ce-812413863bec3b1f5f3fcf8a8b71906fe5ca2949.tar.gz |
Merge branch '42159-utf8-uploads' into 'master'
Correctly escape UTF-8 path elements for uploads
Closes #42159
See merge request gitlab-org/gitlab-ce!16560
-rw-r--r-- | changelogs/unreleased/42159-utf8-uploads.yml | 5 | ||||
-rw-r--r-- | lib/banzai/filter/relative_link_filter.rb | 6 | ||||
-rw-r--r-- | spec/lib/banzai/filter/relative_link_filter_spec.rb | 17 |
3 files changed, 17 insertions, 11 deletions
diff --git a/changelogs/unreleased/42159-utf8-uploads.yml b/changelogs/unreleased/42159-utf8-uploads.yml new file mode 100644 index 00000000000..f6eba8f28f5 --- /dev/null +++ b/changelogs/unreleased/42159-utf8-uploads.yml @@ -0,0 +1,5 @@ +--- +title: Correctly escape UTF-8 path elements for uploads +merge_request: 16560 +author: +type: fixed diff --git a/lib/banzai/filter/relative_link_filter.rb b/lib/banzai/filter/relative_link_filter.rb index f6169b2c85d..9bdedeb6615 100644 --- a/lib/banzai/filter/relative_link_filter.rb +++ b/lib/banzai/filter/relative_link_filter.rb @@ -50,7 +50,7 @@ module Banzai end def process_link_to_upload_attr(html_attr) - path_parts = [html_attr.value] + path_parts = [Addressable::URI.unescape(html_attr.value)] if group path_parts.unshift(relative_url_root, 'groups', group.full_path, '-') @@ -58,13 +58,13 @@ module Banzai path_parts.unshift(relative_url_root, project.full_path) end - path = File.join(*path_parts) + path = Addressable::URI.escape(File.join(*path_parts)) html_attr.value = if context[:only_path] path else - URI.join(Gitlab.config.gitlab.base_url, path).to_s + Addressable::URI.join(Gitlab.config.gitlab.base_url, path).to_s end end diff --git a/spec/lib/banzai/filter/relative_link_filter_spec.rb b/spec/lib/banzai/filter/relative_link_filter_spec.rb index 7e17457ce70..3ca4652f7cc 100644 --- a/spec/lib/banzai/filter/relative_link_filter_spec.rb +++ b/spec/lib/banzai/filter/relative_link_filter_spec.rb @@ -278,18 +278,19 @@ describe Banzai::Filter::RelativeLinkFilter do expect(doc.at_css('a')['href']).to eq 'http://example.com' end - it 'supports Unicode filenames' do + it 'supports unescaped Unicode filenames' do path = '/uploads/한글.png' - escaped = Addressable::URI.escape(path) + doc = filter(link(path)) - # Stub these methods so the file doesn't actually need to be in the repo - allow_any_instance_of(described_class) - .to receive(:file_exists?).and_return(true) - allow_any_instance_of(described_class) - .to receive(:image?).with(path).and_return(true) + expect(doc.at_css('a')['href']).to eq("/#{project.full_path}/uploads/%ED%95%9C%EA%B8%80.png") + end + it 'supports escaped Unicode filenames' do + path = '/uploads/한글.png' + escaped = Addressable::URI.escape(path) doc = filter(image(escaped)) - expect(doc.at_css('img')['src']).to match "/#{project.full_path}/uploads/%ED%95%9C%EA%B8%80.png" + + expect(doc.at_css('img')['src']).to eq("/#{project.full_path}/uploads/%ED%95%9C%EA%B8%80.png") end end |