From 150b4f66e6a244b5f6bd1119de3ce68336a9bf9e Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@selenight.nl>
Date: Fri, 22 Jan 2016 01:43:06 +0100
Subject: [PATCH] Make sure non-highlighted diffs are still escaped

---
 app/controllers/projects/blob_controller.rb |  4 +++-
 app/models/note.rb                          |  8 ++++++--
 lib/gitlab/diff/highlight.rb                | 16 +++++++++++-----
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 8133de90a41..bb72232edd7 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -52,7 +52,9 @@ class Projects::BlobController < Projects::ApplicationController
   def preview
     @content = params[:content]
     diffy = Diffy::Diff.new(@blob.data, @content, diff: '-U 3', include_diff_info: true)
-    @diff_lines = Gitlab::Diff::Parser.new.parse(diffy.diff.scan(/.*\n/))
+    diff_lines = diffy.diff.scan(/.*\n/)[2..-1]
+    diff_lines = Gitlab::Diff::Parser.new.parse(diff_lines)
+    @diff_lines = Gitlab::Diff::Highlight.new(diff_lines).highlight
 
     render layout: false
   end
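Review bot: `diffy.diff.scan(/.*\n/)[2..-1]` evaluates to `nil` whenever the scan yields fewer than two lines, so `Gitlab::Diff::Parser#parse` receives `nil` instead of an empty list. That is presumably what happens when the submitted content is identical to the blob and the diff is empty. `diffy.diff.scan(/.*\n/).drop(2)` skips the same two header lines and always returns an array. Since `params[:content]` is request-supplied, any preview request can reach this path, and it deserves a spec with unchanged content.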
diff --git a/app/models/note.rb b/app/models/note.rb
index 15f48110ad2..55255d22c2f 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -244,7 +244,7 @@ class Note < ActiveRecord::Base
     prev_match_line = nil
     prev_lines = []
 
-    diff_lines.each do |line|
+    highlighted_diff_lines.each do |line|
       if line.type == "match"
         prev_lines.clear
         prev_match_line = line
@@ -261,7 +261,11 @@ class Note < ActiveRecord::Base
   end
 
   def diff_lines
-    @diff_lines ||= Gitlab::Diff::Parser.new.parse(diff.diff.lines.to_a)
+    @diff_lines ||= Gitlab::Diff::Parser.new.parse(diff.diff.lines)
+  end
+
+  def highlighted_diff_lines
+    Gitlab::Diff::Highlight.new(diff_lines).highlight
   end
 
   def discussion_id
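Review bot: `highlighted_diff_lines` is not memoized, yet every call passes the memoized `@diff_lines` objects to `Gitlab::Diff::Highlight`. If `Highlight#highlight` rewrites each line's text in place (its body is not part of this patch), a second call would escape already-escaped text, and `diff_lines` would no longer hold the raw text. Memoizing as `@highlighted_diff_lines ||= Gitlab::Diff::Highlight.new(diff_lines).highlight` avoids the repeated pass. If the highlighter does mutate its input, it should also be given copies of the lines.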
diff --git a/lib/gitlab/diff/highlight.rb b/lib/gitlab/diff/highlight.rb
index 179f8164c84..964c89de6c6 100644
--- a/lib/gitlab/diff/highlight.rb
+++ b/lib/gitlab/diff/highlight.rb
@@ -1,13 +1,17 @@
 module Gitlab
   module Diff
     class Highlight
-      attr_reader :diff_file
+      attr_reader :diff_file, :diff_lines, :raw_lines
 
       delegate :old_path, :new_path, :old_ref, :new_ref, to: :diff_file, prefix: :diff
 
-      def initialize(diff_file)
-        @diff_file = diff_file
-        @diff_lines = diff_file.diff_lines
+      def initialize(diff_lines)
+        if diff_lines.is_a?(Gitlab::Diff::File)
+          @diff_file = diff_file
+          @diff_lines = diff_file.diff_lines
+        else
+          @diff_lines = diff_lines
+        end
         @raw_lines = @diff_lines.map(&:text)
       end
 
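Review bot: In the `Gitlab::Diff::File` branch, `@diff_file = diff_file` reads the `diff_file` attr_reader, which is still `nil` at that point, instead of the constructor argument now named `diff_lines`. The next line then calls `.diff_lines` on `nil` and raises `NoMethodError`, so the existing file-based callers break. The branch should read `@diff_file = diff_lines` followed by `@diff_lines = @diff_file.diff_lines`. Giving the parameter a neutral name would stop it being confused with either reader. Separately, the `delegate ... to: :diff_file` line has no `allow_nil: true`, so the `diff_*` helpers will raise when only lines were passed.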
@@ -31,7 +35,7 @@ module Gitlab
       private
 
       def highlight_line(diff_line, index)
-        return html_escape(diff_line.text) unless diff_file.diff_refs
+        return html_escape(diff_line.text) unless diff_file && diff_file.diff_refs
 
         line_prefix = diff_line.text.match(/\A(.)/) ? $1 : ' '
 
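Review bot: The early return in `highlight_line` is now the only visible step that escapes raw diff text when no `diff_file` is given, which is the case for the blob preview and note paths added in this patch, and nothing on the line says so. A comment such as `# No diff_file/diff_refs: cannot syntax-highlight, but the text must still be HTML-escaped before rendering.` would keep a later refactor from dropping it. The rest of `highlight_line` lies outside the hunk, so it cannot be confirmed here that every other return path also yields escaped text. A spec that runs a line containing markup characters such as `<` and `&` through `Highlight.new(lines).highlight` would pin the invariant.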
@@ -52,10 +56,12 @@ module Gitlab
       end
 
       def old_lines
+        return unless diff_file
         @old_lines ||= Gitlab::Highlight.highlight_lines(*processing_args(:old))
       end
 
       def new_lines
+        return unless diff_file
         @new_lines ||= Gitlab::Highlight.highlight_lines(*processing_args(:new))
       end
 
-- 
GitLab