diff options
author | blackst0ne <blackst0ne.ru@gmail.com> | 2018-05-11 10:09:11 +1100 |
---|---|---|
committer | blackst0ne <blackst0ne.ru@gmail.com> | 2018-05-11 10:09:11 +1100 |
commit | 6ee52d0085dc90ad26b22974ae6cc6121649116e (patch) | |
tree | cfd573f2451ad6833324251a5b101a264ecc6c2d | |
parent | 35816eb7be76aa1a26dcf2f9cfeddf7c60b2da26 (diff) | |
download | gitlab-ce-46225-rails5-fix-app-views-groups-issues-html-haml.tar.gz |
[Rails5] Fix app/views/groups/issues.html.haml46225-rails5-fix-app-views-groups-issues-html-haml
Fixes the errors like:
```
ActionView::Template::Error:
Attempting to generate a URL from non-sanitized request parameters! An attacker can inject malicious data into the generated URL, such as changing the host. Whitelist and sanitize passed parameters to be secure.
```
-rw-r--r-- | app/views/groups/issues.html.haml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/groups/issues.html.haml b/app/views/groups/issues.html.haml index bbfbea4ac7a..662db18cf86 100644 --- a/app/views/groups/issues.html.haml +++ b/app/views/groups/issues.html.haml @@ -8,7 +8,7 @@ .top-area = render 'shared/issuable/nav', type: :issues .nav-controls - = link_to params.merge(rss_url_options), class: 'btn' do + = link_to safe_params.merge(rss_url_options), class: 'btn' do = icon('rss') %span.icon-label Subscribe |