Do not unescape branch name when deleting branch
What does this MR do and why?
Previously, when we unescape the branch name passed by frontend (e.g. test%2fbranch
), it can match a branch matching the unescaped name (e.g. test/branch
).
In a case wherein both test%2fbranch
and test/branch
branch exists, the previous behavior will lead to a bug wherein test/branch
will be deleted even if test%2fbranch
was the one being deleted.
The fix is to remove the unescape code so we're just finding for the branch to delete without unescaping the branch name.
It is intentional that this is being fixed outside of security process as mentioned in #334033 (comment 713978164).
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Create
test%2fbranch
branch via git CLI. - Create
test/branch
branch via git CLI - Go to list of branches on the web UI (Repository > Branches).
- Delete
test%2fbranch
branch and it should be deleted. - Delete
test/branch
branch and it should be deleted.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #334033 (closed)