From 83abe6212584011345b728236834e36a74ee0957 Mon Sep 17 00:00:00 2001
From: Peter Holloway <holloway.p.r@gmail.com>
Date: Wed, 10 Jun 2020 12:42:52 +0100
Subject: [PATCH] Use GET for compare methods

POST requests are blocked when running in --no-edit mode so using POST
prevents compare being available (see #1546).

Change the history view form to use "get" as the form method and change
the routing in app to accept get requests for both forms of compare. The
order of the compare routes is switched to make the more specific form
checked first to prevent all requests being handled by the less specific
form.
---
 lib/gollum/app.rb                     | 47 ++++++++++++++-------------
 lib/gollum/templates/history.mustache |  2 +-
 test/test_app.rb                      |  6 ++--
 3 files changed, 28 insertions(+), 27 deletions(-)

diff --git a/lib/gollum/app.rb b/lib/gollum/app.rb
index b703e163..621f9f74 100644
--- a/lib/gollum/app.rb
+++ b/lib/gollum/app.rb
@@ -459,7 +459,30 @@ module Precious
         mustache :latest_changes
       end
 
-      post '/compare/*' do
+      get %r{
+        /compare/ # match any URL beginning with /compare/
+        (.+)      # extract the full path (including any directories)
+        /         # match the final slash
+        ([^.]+)   # match the first SHA1
+        \.{2,3}   # match .. or ...
+        (.+)      # match the second SHA1
+      }x do |path, start_version, end_version|
+        wikip     = wiki_page(path)
+        @path     = wikip.path
+        @name     = wikip.fullname
+        @versions = [start_version, end_version]
+        wiki      = wikip.wiki
+        @page     = wikip.page
+        @diff     = wiki.repo.diff(@versions.first, @versions.last, @page.path)
+        if @diff.empty?
+          @message = 'Could not compare these two revisions, no differences were found.'
+          mustache :error
+        else
+          mustache :compare
+        end
+      end
+
+      get '/compare/*' do
         @file     = clean_url(encodeURIComponent(params[:splat].first))
         @versions = params[:versions] || []
         if @versions.size == 1
@@ -483,28 +506,6 @@ module Precious
         end
       end
 
-      get %r{
-        /compare/ # match any URL beginning with /compare/
-        (.+)      # extract the full path (including any directories)
-        /         # match the final slash
-        ([^.]+)   # match the first SHA1
-        \.{2,3}   # match .. or ...
-        (.+)      # match the second SHA1
-      }x do |path, start_version, end_version|
-        wikip     = wiki_page(path)
-        @path     = wikip.path
-        @name     = wikip.fullname
-        @versions = [start_version, end_version]
-        wiki      = wikip.wiki
-        @page     = wikip.page
-        @diff     = wiki.repo.diff(@versions.first, @versions.last, @page.path)
-        if @diff.empty?
-          @message = 'Could not compare these two revisions, no differences were found.'
-          mustache :error
-        else
-          mustache :compare
-        end
-      end
 
       get %r{
         /commit/  # match any URL beginning with /show/
diff --git a/lib/gollum/templates/history.mustache b/lib/gollum/templates/history.mustache
index b966ddaf..ffdfcdbc 100644
--- a/lib/gollum/templates/history.mustache
+++ b/lib/gollum/templates/history.mustache
@@ -7,7 +7,7 @@
 
   {{>pagination}}
 
-    <form name="selection-form" id="selection-form" method="post" action="{{compare_path}}/{{escaped_url_path}}"></form>
+    <form name="selection-form" id="selection-form" method="get" action="{{compare_path}}/{{escaped_url_path}}"></form>
 
 	<div id="page-history-list" class="Box Box--condensed flex-auto">
 		<form id="version-form">
diff --git a/test/test_app.rb b/test/test_app.rb
index b10ee6e8..d1a17060 100644
--- a/test/test_app.rb
+++ b/test/test_app.rb
@@ -957,17 +957,17 @@ context 'Frontend with base path' do
   end
   
   test 'compare view' do
-    post '/wiki/gollum/compare/Bilbo-Baggins.md', :versions => ['f25eccd98e9b667f9e22946f3e2f945378b8a72d', '5bc1aaec6149e854078f1d0f8b71933bbc6c2e43']
+    get '/wiki/gollum/compare/Bilbo-Baggins.md?versions[]=f25eccd98e9b667f9e22946f3e2f945378b8a72d&versions[]=5bc1aaec6149e854078f1d0f8b71933bbc6c2e43'
     follow_redirect!
     assert last_response.ok?
     assert_equal '/wiki/gollum/compare/Bilbo-Baggins.md/5bc1aaec6149e854078f1d0f8b71933bbc6c2e43...f25eccd98e9b667f9e22946f3e2f945378b8a72d', last_request.fullpath
     
-    post '/wiki/gollum/compare/Bilbo-Baggins.md', :versions => ['f25eccd98e9b667f9e22946f3e2f945378b8a72d']
+    get '/wiki/gollum/compare/Bilbo-Baggins.md?versions[]=f25eccd98e9b667f9e22946f3e2f945378b8a72d'
     follow_redirect!
     assert last_response.ok?
     assert_equal '/wiki/gollum/compare/Bilbo-Baggins.md/b0d108328459e44fff4a76cd19b10ddc34adce4b...f25eccd98e9b667f9e22946f3e2f945378b8a72d', last_request.fullpath
 
-    post '/wiki/gollum/compare/Bilbo-Baggins.md', :versions => []
+    get '/wiki/gollum/compare/Bilbo-Baggins.md'
     follow_redirect!
     assert last_response.ok?
     assert_equal '/wiki/gollum/history/Bilbo-Baggins.md', last_request.fullpath