diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-20 13:37:47 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-20 13:37:47 +0000 |
commit | aee0a117a889461ce8ced6fcf73207fe017f1d99 (patch) | |
tree | 891d9ef189227a8445d83f35c1b0fc99573f4380 /app/finders/merge_requests_finder.rb | |
parent | 8d46af3258650d305f53b819eabf7ab18d22f59e (diff) | |
download | gitlab-ce-aee0a117a889461ce8ced6fcf73207fe017f1d99.tar.gz |
Add latest changes from gitlab-org/gitlab@14-6-stable-eev14.6.0-rc42
Diffstat (limited to 'app/finders/merge_requests_finder.rb')
-rw-r--r-- | app/finders/merge_requests_finder.rb | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/app/finders/merge_requests_finder.rb b/app/finders/merge_requests_finder.rb index 13696add965..ba709d3bdfc 100644 --- a/app/finders/merge_requests_finder.rb +++ b/app/finders/merge_requests_finder.rb @@ -174,8 +174,8 @@ class MergeRequestsFinder < IssuableFinder def by_deployments(items) env = params[:environment] - before = params[:deployed_before] - after = params[:deployed_after] + before = parse_datetime(params[:deployed_before]) + after = parse_datetime(params[:deployed_after]) id = params[:deployment_id] return items if !env && !before && !after && !id @@ -218,6 +218,13 @@ class MergeRequestsFinder < IssuableFinder items.none end end + + def parse_datetime(input) + # To work around http://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/ + DateTime.parse(input.byteslice(0, 128)) if input + rescue Date::Error + nil + end end MergeRequestsFinder.prepend_mod_with('MergeRequestsFinder') |