diff options
author | Felipe Artur <felipefac@gmail.com> | 2016-05-04 18:21:57 -0300 |
---|---|---|
committer | Felipe Artur <felipefac@gmail.com> | 2016-05-05 16:37:49 -0300 |
commit | d028863eda8b97f6e4db129ef57f0d3a2130c9b3 (patch) | |
tree | 010e2d279ef301b4fa301815c9878983ffb240cf /app/models | |
parent | fad7b392dc633fb689e657af8b7fad346ede416e (diff) | |
download | gitlab-ce-d028863eda8b97f6e4db129ef57f0d3a2130c9b3.tar.gz |
Sanitize milestones and label titlesissue_15394
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/label.rb | 5 | ||||
-rw-r--r-- | app/models/milestone.rb | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/app/models/label.rb b/app/models/label.rb index 60bdce32952..0b34911a4e9 100644 --- a/app/models/label.rb +++ b/app/models/label.rb @@ -117,6 +117,11 @@ class Label < ActiveRecord::Base LabelsHelper::text_color_for_bg(self.color) end + def title= value + value = Sanitize.clean(value.to_s) if value + write_attribute(:title, Sanitize.clean(value)) + end + private def label_format_reference(format = :id) diff --git a/app/models/milestone.rb b/app/models/milestone.rb index 986184dd301..ed81791c69c 100644 --- a/app/models/milestone.rb +++ b/app/models/milestone.rb @@ -129,6 +129,11 @@ class Milestone < ActiveRecord::Base nil end + def title= value + value = Sanitize.clean(value.to_s) if value + write_attribute(:title, value) + end + # Sorts the issues for the given IDs. # # This method runs a single SQL query using a CASE statement to update the |