From 4b81a8dff96b6a37c938faf34d63f11eb7d86ea3 Mon Sep 17 00:00:00 2001
From: Alexander Machehin
Date: Tue, 11 Jun 2013 10:03:04 +0600
Subject: [PATCH 1/3] add more shellescaping for pull request actions
---
 app/models/pull_request.rb | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/app/models/pull_request.rb b/app/models/pull_request.rb
index 0966ec9e4..913e90af8 100644
--- a/app/models/pull_request.rb
+++ b/app/models/pull_request.rb
@@ -104,7 +104,7 @@ class PullRequest < ActiveRecord::Base
 def from_branch
 if to_project_id != from_project_id
- "head_#{from_ref}"
+ "head_#{from_ref.shellescape}"
 else
 from_ref
 end
@@ -164,7 +164,7 @@ class PullRequest < ActiveRecord::Base
 def merge
 clone
 message = "Merge pull request ##{serial_id} from #{from_project_owner_uname}/#{from_project_name}:#{from_ref}\r\n #{title}"
- %x(cd #{path} && git checkout #{to_ref} && git merge --no-ff #{from_branch} -m #{message.shellescape})
+ %x(cd #{path} && git checkout #{to_ref.shellescape} && git merge --no-ff #{from_branch.shellescape} -m #{message.shellescape})
 end
 def clone
@@ -191,11 +191,12 @@ class PullRequest < ActiveRecord::Base
 tags, head = repo.tags.map(&:name), to_project == from_project ? 'origin' : 'head'
 system 'git', 'checkout', to_ref
 unless tags.include? to_ref
- system 'git', 'reset', '--hard', "origin/#{to_ref}"
+ system 'git', 'reset', '--hard', "origin/#{to_ref.shellescape}"
 end
 unless tags.include? from_ref
- system 'git', 'branch', '-D', from_branch
- system 'git', 'fetch', head, "+#{from_ref}:#{from_branch}"
+ system 'git', 'checkout', from_ref
+ system 'git', 'reset', '--hard', "head/#{from_ref.shellescape}"
+ system 'git', 'checkout', to_ref
 end
 end
 end
From 9d8abb30a440ed29367e61067eae5f112c5c943c Mon Sep 17 00:00:00 2001
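Review bot: `from_branch` now returns an already-escaped string, so the `merge` hunk escapes it a second time with `from_branch.shellescape`, and a ref containing any character that `shellescape` rewrites reaches git with literal backslashes in its name. The same problem applies to `"origin/#{to_ref.shellescape}"` and `"head/#{from_ref.shellescape}"` in the third hunk: multi-argument `system` does not start a shell, so escaping there changes the ref name instead of protecting it. Escape once, at the `%x` call site, and keep the accessor returning the raw `"head_#{from_ref}"`. The closing `end` of `from_branch` is outside the hunk.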
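Review bot: In `merge`, `#{path}` is still interpolated into the `%x` string unescaped, so the command line is only as safe as whatever builds `path`; `cd #{path.shellescape}` would close that gap, assuming `path` is a String. Quoting the refs also does not stop git from treating a value that begins with `-` as an option rather than a ref, so ref names should be validated (for example rejected when they start with `-`) before they reach git. The rest of the model already uses the multi-argument `system` form, which avoids the shell entirely; whether `merge` can switch to it depends on whether callers use the output that `%x` returns, which is not visible here.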
From: Alexander Machehin
Date: Mon, 17 Jun 2013 22:14:39 +0600
Subject: [PATCH 2/3] fix bugs and remove unneeded shellescapes
---
 app/models/pull_request.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/models/pull_request.rb b/app/models/pull_request.rb
index 913e90af8..a854b8fc0 100644
--- a/app/models/pull_request.rb
+++ b/app/models/pull_request.rb
@@ -104,7 +104,7 @@ class PullRequest < ActiveRecord::Base
 def from_branch
 if to_project_id != from_project_id
- "head_#{from_ref.shellescape}"
+ "head_#{from_ref}"
 else
 from_ref
 end
@@ -191,11 +191,11 @@ class PullRequest < ActiveRecord::Base
 tags, head = repo.tags.map(&:name), to_project == from_project ? 'origin' : 'head'
 system 'git', 'checkout', to_ref
 unless tags.include? to_ref
- system 'git', 'reset', '--hard', "origin/#{to_ref.shellescape}"
+ system 'git', 'reset', '--hard', "origin/#{to_ref}"
 end
 unless tags.include? from_ref
- system 'git', 'checkout', from_ref
- system 'git', 'reset', '--hard', "head/#{from_ref.shellescape}"
+ system 'git', 'checkout', from_branch
+ system 'git', 'reset', '--hard', "#{head}/#{from_ref}"
 system 'git', 'checkout', to_ref
 end
 end
From 0e273d8efcd7172e274af3adcd3af079b648d4f7 Mon Sep 17 00:00:00 2001
From: Alexander Machehin
Date: Mon, 17 Jun 2013 22:15:05 +0600
Subject: [PATCH 3/3] quiet assets in dev
---
 config/environments/development.rb | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 98a9d21f5..ed182ee10 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
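Review bot: `from_branch` carries no comment saying whether it returns a raw or an escaped name, which is how the escaping ended up in the wrong layer in the previous patch. I would add `# Raw local branch name for the source ref; callers must escape it when building a shell string.` above `def from_branch`. The method's closing `end` is outside the hunk.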
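Review bot: The result of `system 'git', 'checkout', from_branch` is not checked, so if that checkout fails the following `git reset --hard` runs on whatever branch is still checked out, which from the `checkout to_ref` line above is the target branch. That would move the target branch onto the source ref without a merge. Guard the reset, for example `system('git', 'reset', '--hard', "#{head}/#{from_ref}") if system('git', 'checkout', from_branch)`, and log the failure. The block no longer fetches from `head` after the previous patch, so the reset presumably relies on a fetch done elsewhere; the enclosing method starts outside the hunk.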
@@ -1,4 +1,20 @@
 # -*- encoding : utf-8 -*-
+
+class DisableAssetsLogger
+ def initialize(app)
+ @app = app
+ Rails.application.assets.logger = Logger.new('/dev/null')
+ end
+
+ def call(env)
+ previous_level = Rails.logger.level
+ Rails.logger.level = Logger::ERROR if env['PATH_INFO'].index("/assets/") == 0
+ @app.call(env)
+ ensure
+ Rails.logger.level = previous_level
+ end
+end
+
 Rosa::Application.configure do
 # Settings specified here will take precedence over those in config/application.rb
@@ -40,4 +56,6 @@ Rosa::Application.configure do
 # Log the query plan for queries taking more than this (works with SQLite, MySQL, and PostgreSQL)
 config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+ config.middleware.insert_before Rails::Rack::Logger, DisableAssetsLogger
 end
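Review bot: `DisableAssetsLogger#call` changes the level of the shared `Rails.logger` for the duration of an asset request, so on a threaded server any other request handled in that window is also logged at `ERROR`, and the `ensure` can restore a level that was captured while another thread had it lowered. It is development-only here, but the class should say so, e.g. `# Dev-only: temporarily mutates the global Rails.logger level; not thread-safe, do not reuse in production.` Two style points: `env['PATH_INFO'].start_with?('/assets/')` states the intent more directly than `.index("/assets/") == 0`, and `File::NULL` is the portable spelling of `'/dev/null'`.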