author | Marin Jankovski <maxlazio@gmail.com> | 2014-11-13 16:20:43 +0100 |
committer | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2014-11-19 12:26:54 +0100 |
commit | 3a58cc15ad10821194746c0f80df24333193a687 (patch) | |
tree | 848eb27684d2d2d7dff010f3e038296f10130fbb /app/controllers/projects/branches_controller.rb | |
parent | 9fb4724e3f362f3e3c01068534570eac26df7715 (diff) | |
download | gitlab-ce-3a58cc15ad10821194746c0f80df24333193a687.tar.gz |
Sanitize branch name and ref name
Conflicts:
app/controllers/projects/branches_controller.rb
Diffstat (limited to 'app/controllers/projects/branches_controller.rb')
-rw-r--r-- | app/controllers/projects/branches_controller.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index faa0ce67ca8..3e2c04f0969 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -1,4 +1,5 @@
 class Projects::BranchesController < Projects::ApplicationController
+  include ActionView::Helpers::SanitizeHelper
   # Authorize
   before_filter :authorize_read_project!
   before_filter :require_non_empty_project
@@ -17,8 +18,10 @@ class Projects::BranchesController < Projects::ApplicationController
   end

   def create
+    branch_name = sanitize(strip_tags(params[:branch_name]))
+    ref = sanitize(strip_tags(params[:ref]))
     result = CreateBranchService.new(project, current_user).
-      execute(params[:branch_name], params[:ref])
+      execute(branch_name, ref)
     if result[:status] == :success
       @branch = result[:branch]
       redirect_to project_tree_path(@project, @branch.name) |
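Review bot: The `sanitize(strip_tags(...))` calls added at the top of `create` are HTML sanitizers, not git ref-name validators — they pass through names git itself rejects or that are risky when handed to a git command (a leading `-`, `..`, `@{`, any of `~^:?*[\`, whitespace, control characters, a trailing `.lock` or `/`), so nothing about the names reaching `CreateBranchService` is actually constrained by this change. They also rewrite legitimate input, because `sanitize` entity-encodes `&`, `<` and `>` (`a&b` arrives at the service as `a&amp;b`), so the branch created can silently differ from the one the user asked for. The check that belongs here is a guard on git's own rules before the service call, with the HTML concern named in the commit title left to ERB's render-time escaping; I cannot see the views or `CreateBranchService` from this hunk, so whether a view currently marks the name `html_safe` is inferred, and the `include ActionView::Helpers::SanitizeHelper` at the top of the controller could then be dropped (if the sanitize calls are kept, `ActionController::Base.helpers.sanitize` avoids mixing a view helper into the controller). `create`'s body, including its error path, continues past the end of the hunk, so the early return below uses `head :bad_request` rather than assuming how that path renders.

```ruby
  def create
    branch_name = params[:branch_name].to_s
    ref = params[:ref].to_s
    # Reject anything git would refuse or could parse as an option before it
    # reaches the service; the existing error path (outside this hunk) may be
    # a better response than a bare 400.
    return head(:bad_request) unless valid_ref_name?(branch_name) && valid_ref_name?(ref)
    result = CreateBranchService.new(project, current_user).
      execute(branch_name, ref)
    # … unchanged: result handling …

  # … elsewhere in the class, under `private` …
  # Subset of the rules `git check-ref-format` enforces: no empty name, no
  # leading '-' or '/', no trailing '/', '.' or '.lock', no '..', '@{' or '//',
  # and none of whitespace, ~ ^ : ? * [ \ or control characters.
  def valid_ref_name?(name)
    return false if name.empty? || name.start_with?('-', '/') || name.end_with?('/', '.', '.lock')
    name !~ %r{\.\.|@\{|//|[\s~^:?*\[\\\x00-\x1f\x7f]}
  end
```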