authorJacob Schatz <jschatz@gitlab.com>2016-04-21 16:22:15 +0000
committerRobert Speicher <rspeicher@gmail.com>2016-04-25 16:01:24 -0400
commite580bd8cd6ca85bf017062cc85f629303751c26b (patch)
tree6f15a0d785a7eb68e1b85ee2bd4c90e931be6def
parentf02c5cc753c9e74767cd73ae29e591c5ad1effa2 (diff)
downloadgitlab-ce-e580bd8cd6ca85bf017062cc85f629303751c26b.tar.gz
Merge branch 'issue_15434' into 'master'
Fixes XSS injection REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15434 **Without the fix** ![xss1](/uploads/0a7b0b15fb87066965a7c73f1dbaa815/xss1.gif) **With the fix** ![xss2](/uploads/473cfa0aa80656f24c58aebf1fd97fff/xss2.gif) See merge request !1952
-rw-r--r--app/assets/javascripts/commits.js.coffee2
-rw-r--r--app/views/projects/commits/show.html.haml2
2 files changed, 2 insertions, 2 deletions
diff --git a/app/assets/javascripts/commits.js.coffee b/app/assets/javascripts/commits.js.coffee
index ffd3627b1b0..0acb4c1955e 100644
--- a/app/assets/javascripts/commits.js.coffee
+++ b/app/assets/javascripts/commits.js.coffee
@@ -1,7 +1,7 @@
class @CommitsList
@timer = null
- @init: (ref, limit) ->
+ @init: (limit) ->
$("body").on "click", ".day-commits-table li.commit", (event) ->
if event.target.nodeName != "A"
location.href = $(this).attr("url")
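Review bot: Dropping `ref` moves `limit` into the first positional slot of `@init`, and a stale call site that still passes two arguments will not raise an error; it would silently bind the ref string to `limit`. Only the call in `show.html.haml` is updated in this commit, so it is worth searching for any other `CommitsList.init(` callers before merging. The body of `@init` continues outside this hunk, so how `limit` is consumed cannot be confirmed from here. A one-line comment above the signature such as `# limit: integer page size, rendered server-side; never pass user-controlled strings here` would record why the ref argument was removed.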
diff --git a/app/views/projects/commits/show.html.haml b/app/views/projects/commits/show.html.haml
index ede64d47ab3..f21beaf9341 100644
--- a/app/views/projects/commits/show.html.haml
+++ b/app/views/projects/commits/show.html.haml
@@ -36,4 +36,4 @@
= spinner
:javascript
- CommitsList.init("#{@ref}", #{@limit});
+ CommitsList.init(#{@limit});
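Review bot: `#{@limit}` is still interpolated unescaped into the inline `:javascript` block, which is the same sink that made `@ref` injectable. The controller is not part of this diff, so whether `@limit` is coerced to an integer before it reaches the view cannot be verified here. If it is derived from a request parameter, forcing the type at the sink closes the gap regardless of the controller: `CommitsList.init(#{@limit.to_i});`. A view or feature spec that requests the commits page with a ref containing `</script>` and quote characters and asserts they do not appear raw in the response would keep this from regressing.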