summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Thomas <nick@gitlab.com>2018-01-18 16:29:00 +0000
committerNick Thomas <nick@gitlab.com>2018-01-18 17:32:19 +0000
commit3b0235318ef1fd39311910da7eb1893a4d3ae312 (patch)
tree02c5597d014dd28cf9914c4f246e3d9a874f01bd
parente56bcf92774b19115f62b609163c44ba9d919e69 (diff)
downloadgitlab-ce-3b0235318ef1fd39311910da7eb1893a4d3ae312.tar.gz
Correctly escape UTF-8 path elements for uploads
-rw-r--r--changelogs/unreleased/42159-utf8-uploads.yml5
-rw-r--r--lib/banzai/filter/relative_link_filter.rb6
-rw-r--r--spec/lib/banzai/filter/relative_link_filter_spec.rb17
3 files changed, 17 insertions, 11 deletions
diff --git a/changelogs/unreleased/42159-utf8-uploads.yml b/changelogs/unreleased/42159-utf8-uploads.yml
new file mode 100644
index 00000000000..f6eba8f28f5
--- /dev/null
+++ b/changelogs/unreleased/42159-utf8-uploads.yml
@@ -0,0 +1,5 @@
+---
+title: Correctly escape UTF-8 path elements for uploads
+merge_request: 16560
+author:
+type: fixed
diff --git a/lib/banzai/filter/relative_link_filter.rb b/lib/banzai/filter/relative_link_filter.rb
index f6169b2c85d..9bdedeb6615 100644
--- a/lib/banzai/filter/relative_link_filter.rb
+++ b/lib/banzai/filter/relative_link_filter.rb
@@ -50,7 +50,7 @@ module Banzai
end
def process_link_to_upload_attr(html_attr)
- path_parts = [html_attr.value]
+ path_parts = [Addressable::URI.unescape(html_attr.value)]
if group
path_parts.unshift(relative_url_root, 'groups', group.full_path, '-')
@@ -58,13 +58,13 @@ module Banzai
path_parts.unshift(relative_url_root, project.full_path)
end
- path = File.join(*path_parts)
+ path = Addressable::URI.escape(File.join(*path_parts))
html_attr.value =
if context[:only_path]
path
else
- URI.join(Gitlab.config.gitlab.base_url, path).to_s
+ Addressable::URI.join(Gitlab.config.gitlab.base_url, path).to_s
end
end
diff --git a/spec/lib/banzai/filter/relative_link_filter_spec.rb b/spec/lib/banzai/filter/relative_link_filter_spec.rb
index 7e17457ce70..3ca4652f7cc 100644
--- a/spec/lib/banzai/filter/relative_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/relative_link_filter_spec.rb
@@ -278,18 +278,19 @@ describe Banzai::Filter::RelativeLinkFilter do
expect(doc.at_css('a')['href']).to eq 'http://example.com'
end
- it 'supports Unicode filenames' do
+ it 'supports unescaped Unicode filenames' do
path = '/uploads/한글.png'
- escaped = Addressable::URI.escape(path)
+ doc = filter(link(path))
- # Stub these methods so the file doesn't actually need to be in the repo
- allow_any_instance_of(described_class)
- .to receive(:file_exists?).and_return(true)
- allow_any_instance_of(described_class)
- .to receive(:image?).with(path).and_return(true)
+ expect(doc.at_css('a')['href']).to eq("/#{project.full_path}/uploads/%ED%95%9C%EA%B8%80.png")
+ end
+ it 'supports escaped Unicode filenames' do
+ path = '/uploads/한글.png'
+ escaped = Addressable::URI.escape(path)
doc = filter(image(escaped))
- expect(doc.at_css('img')['src']).to match "/#{project.full_path}/uploads/%ED%95%9C%EA%B8%80.png"
+
+ expect(doc.at_css('img')['src']).to eq("/#{project.full_path}/uploads/%ED%95%9C%EA%B8%80.png")
end
end