authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2016-10-14 16:04:23 +0300
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2016-10-14 16:04:23 +0300
commitc736ffdfb043df34a89273639297cfc86d2d5f88 (patch)
tree9c3585ae7d50eddfaae320fe7c3dc139f6eebcff
parent48d223d7c944b99d6aca960a9e10ffe6e7f7cb78 (diff)
downloadgitlab-ce-dz-fix-user-select.tar.gz
Validate user id for users select autcompletedz-fix-user-select
Single-user autocomplete should be used only for existing users, with a numeric ID provided. Currently the JS code puts any input into the generated user URL, which can lead to a 500 error because a route like this does not exist: GET "/autocomplete/users/whatever@example.com.json". Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-rw-r--r--app/assets/javascripts/users_select.js4
1 files changed, 4 insertions, 0 deletions
diff --git a/app/assets/javascripts/users_select.js b/app/assets/javascripts/users_select.js
index 6aa0e1cd2b6..3020b7cc239 100644
--- a/app/assets/javascripts/users_select.js
+++ b/app/assets/javascripts/users_select.js
@@ -325,6 +325,10 @@
};
UsersSelect.prototype.user = function(user_id, callback) {
+ if(!/^\d+$/.test(user_id)) {
+ return false;
+ }
+
var url;
url = this.buildUrl(this.userPath);
url = url.replace(':id', user_id);
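Review bot: The new guard at the top of `UsersSelect.prototype.user` returns `false` without ever invoking `callback`, so a caller that waits on the callback gets no signal that the lookup was skipped; the rest of the function lies outside the hunk, so whether any caller relies on the return value cannot be confirmed from here. A comment above the check would record the intent, for example `// Only all-digit ids map to the single-user autocomplete route; any other input is dropped without a request.` The check runs only in the browser, so a hand-made request with a non-numeric id would presumably still hit the missing route described in the commit message; the server should reject such ids itself (for instance with a numeric constraint on the route) instead of depending on this guard. The pattern itself is fully anchored (`^\d+$` with no `m` flag), so only all-digit values reach `url.replace(':id', user_id)`.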