Shell escape code search

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-10-31 11:25:08 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-11-01 14:14:24 +0200
commit: a476bc7bc7bd902e4bc2dbf9d49d3f6cb9e61537 (patch)
tree: 55005d82c4ffc536fb9979a1428d5b633067d8fb
parent: 1bace9da9abdacb7df91421548a8f3c66031ddfd (diff)
download: gitlab-ce-a476bc7bc7bd902e4bc2dbf9d49d3f6cb9e61537.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/contexts/search_context.rb b/app/contexts/search_context.rb
index 48def0784fd..ff322978559 100644
--- a/app/contexts/search_context.rb
+++ b/app/contexts/search_context.rb
@@ -6,7 +6,7 @@ class SearchContext
   end
 
   def execute
-    query = params[:search]
+    query = Shellwords.shellescape(params[:search])
 
     return result unless query.present?
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-10-31 11:25:08 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-11-01 14:14:24 +0200
commit	a476bc7bc7bd902e4bc2dbf9d49d3f6cb9e61537 (patch)
tree	55005d82c4ffc536fb9979a1428d5b633067d8fb
parent	1bace9da9abdacb7df91421548a8f3c66031ddfd (diff)
download	gitlab-ce-a476bc7bc7bd902e4bc2dbf9d49d3f6cb9e61537.tar.gz