Escape quotes in gl_dropdown values to prevent exceptions

author: Airat Shigapov <contact@airatshigapov.com> 2016-10-14 20:52:10 +0300
committer: Robert Speicher <rspeicher@gmail.com> 2016-10-26 12:09:04 +0100
commit: 45bfff3d664318d5e1e5c23165ab5832ddd54af9 (patch)
tree: 99b72c1ae2ec84162b6016fcbf8b5707cb878afa /app/assets/javascripts/gl_dropdown.js
parent: 4482d19959616b1fe2f509d9d85d7725bbedc08b (diff)
download: gitlab-ce-45bfff3d664318d5e1e5c23165ab5832ddd54af9.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/app/assets/javascripts/gl_dropdown.js b/app/assets/javascripts/gl_dropdown.js
index 53762f2965c..82bbd464332 100644
--- a/app/assets/javascripts/gl_dropdown.js
+++ b/app/assets/javascripts/gl_dropdown.js
@@ -549,6 +549,8 @@
           value = this.options.id ? this.options.id(data) : data.id;
           fieldName = this.options.fieldName;
 
+          if (value) { value = value.toString().replace(/'/g, '\\\'') };
+
           field = this.dropdown.parent().find("input[name='" + fieldName + "'][value='" + value + "']");
           if (field.length) {
             selected = true;
author	Airat Shigapov <contact@airatshigapov.com>	2016-10-14 20:52:10 +0300
committer	Robert Speicher <rspeicher@gmail.com>	2016-10-26 12:09:04 +0100
commit	45bfff3d664318d5e1e5c23165ab5832ddd54af9 (patch)
tree	99b72c1ae2ec84162b6016fcbf8b5707cb878afa /app/assets/javascripts/gl_dropdown.js
parent	4482d19959616b1fe2f509d9d85d7725bbedc08b (diff)
download	gitlab-ce-45bfff3d664318d5e1e5c23165ab5832ddd54af9.tar.gz