Escape the query argument provided to `git grep` by `search_files`rs-trailing-slash-in-search

Closes #14963.
author: Robert Speicher <rspeicher@gmail.com> 2016-04-09 18:40:15 -0400
committer: Robert Speicher <rspeicher@gmail.com> 2016-04-09 18:50:21 -0400
commit: 5ffa8f057095fb2fe12a60ffa0dd3a611d2f1aeb (patch)
tree: 9120416e842cd78efcf96127fe7b2fc84cc0d331 /app/models
parent: 600b94cd8bdf767e3f5ae4b21af73858a0055a7c (diff)
download: gitlab-ce-5ffa8f057095fb2fe12a60ffa0dd3a611d2f1aeb.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 8dead3a5884..090cccd2c72 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -795,7 +795,7 @@ class Repository
 
   def search_files(query, ref)
     offset = 2
-    args = %W(#{Gitlab.config.git.bin_path} grep -i -I -n --before-context #{offset} --after-context #{offset} -e #{query} #{ref || root_ref})
+    args = %W(#{Gitlab.config.git.bin_path} grep -i -I -n --before-context #{offset} --after-context #{offset} -e #{Regexp.escape(query)} #{ref || root_ref})
     Gitlab::Popen.popen(args, path_to_repo).first.scrub.split(/^--$/)
   end
author	Robert Speicher <rspeicher@gmail.com>	2016-04-09 18:40:15 -0400
committer	Robert Speicher <rspeicher@gmail.com>	2016-04-09 18:50:21 -0400
commit	5ffa8f057095fb2fe12a60ffa0dd3a611d2f1aeb (patch)
tree	9120416e842cd78efcf96127fe7b2fc84cc0d331 /app/models
parent	600b94cd8bdf767e3f5ae4b21af73858a0055a7c (diff)
download	gitlab-ce-5ffa8f057095fb2fe12a60ffa0dd3a611d2f1aeb.tar.gz