Diff line redis cache has wrong values after security fix is applied
https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2463 is a security fix to escape diff lines correctly. As part of the change, it removed the previous (confusing) behaviour where Gitlab::Diff::Line#text
would often be the highlighted line - something that we probably intended to put in Gitlab::Diff::Line#rich_text
.
Unfortunately, this change did not change the cache key. This is a similar issue to https://gitlab.com/gitlab-org/gitlab-ce/issues/48801. We are populating the cache with one set of data, and when reading it, we expect it to be in a different shape.
(This only applies to merge request diffs.)
To reproduce this:
- Check out
master
. - Create an MR with a highlighted diff.
- View the diff.
- Apply https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2463.
- Reload the diff.
The diff will now show the HTML double-escaped.