author | Giorgenes Gelatti <ggelatti@gitlab.com> | 2019-08-15 16:22:13 +1000 |
---|---|---|
committer | Giorgenes Gelatti <ggelatti@gitlab.com> | 2019-08-15 16:22:13 +1000 |
commit | f3de7855f90ed6785f546ed4831e3cc9d34c63ad (patch) | |
tree | 6035b93b6c041487bf6710b043af04a33cb6cad0 /app/controllers/projects/registry | |
parent | 128a04ef0ec10e4524e138a61143d0d1ba1f54ac (diff) | |
download | gitlab-ce-f3de7855f90ed6785f546ed4831e3cc9d34c63ad.tar.gz |
Limit registry tag bulk delete to 15 items
24705-multi-selection-for-delete-on-registry-page
Diffstat (limited to 'app/controllers/projects/registry')
-rw-r--r-- | app/controllers/projects/registry/tags_controller.rb | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/projects/registry/tags_controller.rb b/app/controllers/projects/registry/tags_controller.rb
index 633a7865cfe..54e2faa2dd7 100644
--- a/app/controllers/projects/registry/tags_controller.rb
+++ b/app/controllers/projects/registry/tags_controller.rb
@@ -5,6 +5,8 @@ module Projects
 class TagsController < ::Projects::Registry::ApplicationController
 before_action :authorize_destroy_container_image!, only: [:destroy]
+ LIMIT = 15
+
 def index
 respond_to do |format|
 format.json do
@@ -34,7 +36,13 @@ module Projects
 return
 end
- @tags = (params[:ids] || []).map { |tag_name| image.tag(tag_name) }
+ tag_names = params[:ids] || []
+ if tag_names.size > LIMIT
+ head :bad_request
+ return
+ end
+
+ @tags = tag_names.map { |tag_name| image.tag(tag_name) }
 unless @tags.all? { |tag| tag.valid_name? }
 head :bad_request
 return
@@ -55,7 +63,7 @@ module Projects
 private
 def tags
- Kaminari::PaginatableArray.new(image.tags, limit: 15)
+ Kaminari::PaginatableArray.new(image.tags, limit: LIMIT)
 end
 def image |
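Review bot: `LIMIT` is added in the first hunk without a comment, and after the third hunk it serves as both the Kaminari page size in `tags` and the maximum number of ids a bulk delete accepts, so changing one silently changes the other. If the coupling is intended (a user can delete at most one page of tags), say so where the constant is defined, e.g. `# Page size of the tag list; also the most tags one bulk delete request may name`. If the two values are only coincidentally equal, separate constants with descriptive names would be safer than one generic `LIMIT`.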
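Review bot: The size guard added in the second hunk assumes `params[:ids]` is an array, but the value is client-controlled and may arrive as a plain string; a string of 15 characters or fewer passes `tag_names.size > LIMIT` and then fails at `tag_names.map`, which would likely surface as a 500 instead of the intended 400. Folding the type check into the same guard keeps the rejection uniform: `unless tag_names.is_a?(Array) && tag_names.size <= LIMIT`. The enclosing action starts outside the hunk, so its name is not visible here. If it is a separate bulk action rather than `destroy`, the `before_action :authorize_destroy_container_image!, only: [:destroy]` shown in the first hunk would not apply to it, so it is worth confirming that the filter list covers this action.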