From 4f47de62b47e136ffe335dc93acff3f6cd69b98f Mon Sep 17 00:00:00 2001
From: Nathan Neulinger <nneul@neulinger.org>
Date: Mon, 10 Apr 2017 08:02:31 -0500
Subject: [PATCH] Stop sanitizing user 'name' when inserting into db Add spec
 tests for encoding

---
 app/models/user.rb                                   |  2 +-
 .../unreleased/10085-stop-encoding-user-name.yml     |  4 ++++
 spec/models/user_spec.rb                             | 12 ++++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/unreleased/10085-stop-encoding-user-name.yml

diff --git a/app/models/user.rb b/app/models/user.rb
index 4b01c2f19f0..2d39b1c1c34 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -699,7 +699,7 @@ class User < ActiveRecord::Base
   end
 
   def sanitize_attrs
-    %w[name username skype linkedin twitter].each do |attr|
+    %w[username skype linkedin twitter].each do |attr|
       value = public_send(attr)
       public_send("#{attr}=", Sanitize.clean(value)) if value.present?
     end
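Review bot: With `name` dropped from the list in `sanitize_attrs`, the value is stored exactly as submitted, so its safety now rests entirely on output escaping, and nothing in this hunk records that requirement. A comment above the list would make the contract explicit, e.g. `# name is intentionally stored verbatim; it must be HTML-escaped wherever it is rendered (views, mailers, JSON consumed by JS)`. Before merging, it is worth checking the render paths that mark user names as `html_safe` or pass them through `raw`, since the model no longer provides a second layer of defence. The method closes outside the hunk, so any further handling of `name` there is not visible.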
diff --git a/changelogs/unreleased/10085-stop-encoding-user-name.yml b/changelogs/unreleased/10085-stop-encoding-user-name.yml
new file mode 100644
index 00000000000..8fab474e047
--- /dev/null
+++ b/changelogs/unreleased/10085-stop-encoding-user-name.yml
@@ -0,0 +1,4 @@
+---
+title: "Insert user name directly without encoding"
+merge_request: 10085
+author: Nathan Neulinger <nneul@neulinger.org>
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index d04162a527f..c70f916a8bd 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1159,6 +1159,18 @@ describe User, models: true do
     end
   end
 
+  describe '#sanitize_attrs' do
+    let(:user) { build(:user, name: 'test & user', skype: 'test&user') }
+
+    it 'encodes HTML entities in the Skype attribute' do
+      expect { user.sanitize_attrs }.to change { user.skype }.to('test&amp;user')
+    end
+
+    it 'does not encode HTML entities in the name attribute' do
+      expect { user.sanitize_attrs }.not_to change { user.name }
+    end
+  end
+
   describe '#starred?' do
     it 'determines if user starred a project' do
       user = create :user
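Review bot: Both new examples in `describe '#sanitize_attrs'` exercise only an ampersand, so the spec does not pin what happens to a name that contains markup. That is the case whose behaviour changes once `Sanitize.clean` stops running on `name`. Consider adding an example with a constructed value such as `build(:user, name: '<b>test</b>')` that asserts the name is left unchanged, paired with a view or feature spec asserting that the same name renders escaped. The negative example would also be stricter if it checked the value after the call, `expect(user.name).to eq('test & user')`, rather than only `not_to change`.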
-- 
GitLab