From 1f66b19112af812aec42b4ae47a41e2cc1feb630 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20G=C3=BCnther?=
Date: Wed, 13 Apr 2016 21:09:07 +0200
Subject: [PATCH] Fix double escaping of repository path params
---
 app/controllers/repositories_controller.rb | 2 +-
 app/helpers/application_helper.rb | 2 +-
 .../repositories_controller_spec.rb | 21 +++++++++++++++++++
 spec/routing/repositories_routing_spec.rb | 8 +++++++
 4 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 5508d5a182..0142dc64af 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -310,7 +310,7 @@ class RepositoriesController < ApplicationController
 # Prepare checkout instructions
 # available on all pages (even empty!)
- @path = CGI.unescape(params[:path] || '')
+ @path = params[:path] || ''
 @instructions = ::Scm::CheckoutInstructionsService.new(@repository, path: @path)
 # Asserts repository availability, or renders an appropriate error
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index a73cdb8a4f..204e0e2bb7 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -346,7 +346,7 @@ module ApplicationHelper
 end
 def to_path_param(path)
- CGI.escape(path.to_s)
+ path.to_s
 end
 def reorder_links(name, url, options = {})
diff --git a/spec/controllers/repositories_controller_spec.rb b/spec/controllers/repositories_controller_spec.rb
index 351151f1f6..fe5b11a12c 100644
--- a/spec/controllers/repositories_controller_spec.rb
+++ b/spec/controllers/repositories_controller_spec.rb
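Review bot: In app/controllers/repositories_controller.rb the new `@path = params[:path] || ''` hands whatever Rails bound to `path` straight to `CheckoutInstructionsService` without checking that it is a String. Dropping `CGI.unescape` is sound, because the router has already percent-decoded the segment and a second decode lets input change meaning after routing, but if the route leaves `path` optional, a query-string parameter of the same name could presumably bind an Array or Hash here. I would coerce it with `@path = params[:path].to_s` and confirm that the SCM adapters still reject `..` segments on the single-decoded value. The enclosing method starts and ends outside the hunk.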
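Review bot: `to_path_param` in app/helpers/application_helper.rb now returns `path.to_s` unchanged, so its name still promises a URL-safe value that the helper no longer produces. Any caller that concatenates the result into a URL or an HTML attribute by hand, instead of passing it to a route helper, would now emit unencoded path characters; the callers are not visible in this hunk and are worth auditing. A comment above the method would record the contract: `# Returns the path as-is; percent-encoding is left to the route helpers, so never concatenate the result into a URL string.`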
@@ -252,6 +252,27 @@ describe RepositoriesController, type: :controller do
 end
 end
+ describe 'show' do
+ render_views
+
+ let(:role) { FactoryGirl.create(:role, permissions: [:browse_repository]) }
+ before do
+ get :show, project_id: project.identifier, path: path
+ end
+
+ shared_examples 'renders the repository' do |active_breadcrumb|
+ it do
+ expect(response).to be_success
+ expect(response.body).to have_selector('.repository-breadcrumbs', text: active_breadcrumb)
+ end
+ end
+
+ context 'with special characters' do
+ let(:path) { 'subversion_test/[folder_with_brackets]' }
+ it_behaves_like 'renders the repository', '[folder_with_brackets]'
+ end
+ end
+
 describe 'checkout path' do
 render_views
diff --git a/spec/routing/repositories_routing_spec.rb b/spec/routing/repositories_routing_spec.rb
index dc4b98dc03..749e37c557 100644
--- a/spec/routing/repositories_routing_spec.rb
+++ b/spec/routing/repositories_routing_spec.rb
@@ -45,6 +45,14 @@ describe RepositoriesController, type: :routing do
 path: 'path/to/file.c')
 }
+ it {
+ expect(get('/projects/testproject/repository/folder%20with%20spaces'))
+ .to route_to(controller: 'repositories',
+ action: 'show',
+ project_id: 'testproject',
+ path: 'folder with spaces')
+ }
+
 it {
 expect(get('/projects/testproject/repository/revisions/5'))
 .to route_to(controller: 'repositories',
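Review bot: The new 'show' context in spec/controllers/repositories_controller_spec.rb covers only brackets, which do not by themselves exercise the decode step removed from the controller, since `CGI.unescape` leaves `[` and `]` untouched. The characters a second decode actually alters are a literal `+` (turned into a space) and a literal `%`, so a further context such as `let(:path) { 'subversion_test/folder+plus' }` (constructed sample; the fixture repository may need a matching entry) would pin the regression. The same gap applies to the routing spec hunk in spec/routing/repositories_routing_spec.rb, where a request ending in `100%25` should be asserted to route to `path: '100%'`. `let(:role)` is defined here but its use lies outside the hunk.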