authorGeorge Koltsov <gkoltsov@gitlab.com>2019-08-06 17:18:53 +0100
committerGeorge Koltsov <gkoltsov@gitlab.com>2019-08-12 11:16:52 +0100
commit485b8b86edaeed1ba3a8bf55df23ca6cbc1f015b (patch)
treedee1f2eb6e62c3d8fdbdc3a81c1213a32154cb70 /app
parent94e1404c4b138ede19611a46a5736764a61cdab7 (diff)
downloadgitlab-ce-485b8b86edaeed1ba3a8bf55df23ca6cbc1f015b.tar.gz
Diffstat (limited to 'app')
-rw-r--r--app/controllers/import/bitbucket_server_controller.rb8
-rw-r--r--app/views/import/bitbucket_server/status.html.haml2
2 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/import/bitbucket_server_controller.rb b/app/controllers/import/bitbucket_server_controller.rb
index 1956442b72b..dc72a4e4fd9 100644
--- a/app/controllers/import/bitbucket_server_controller.rb
+++ b/app/controllers/import/bitbucket_server_controller.rb
@@ -1,6 +1,8 @@
# frozen_string_literal: true
class Import::BitbucketServerController < Import::BaseController
+ include ActionView::Helpers::SanitizeHelper
+
before_action :verify_bitbucket_server_import_enabled
before_action :bitbucket_auth, except: [:new, :configure]
before_action :validate_import_params, only: [:create]
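Review bot: Mixing `ActionView::Helpers::SanitizeHelper` into the controller (the added `include`) is heavier than needed: Rails controllers already expose view helpers through the `helpers` proxy, so the call sites can use `helpers.sanitize(params[:filter])` without the include. Including the module also turns `sanitize`, `strip_tags`, `strip_links` and `sanitize_css` into public instance methods of this controller, which `AbstractController::Base#action_methods` treats as actions; as far as I can tell that only matters if a route ever points at one of those names, but it is surface area that `helpers.sanitize` avoids. I would drop L24–L25 and write the private helper as `helpers.sanitize(params[:filter])`.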
@@ -57,7 +59,7 @@ class Import::BitbucketServerController < Import::BaseController
# rubocop: disable CodeReuse/ActiveRecord
def status
- @collection = bitbucket_client.repos(page_offset: page_offset, limit: limit_per_page, filter: params[:filter])
+ @collection = bitbucket_client.repos(page_offset: page_offset, limit: limit_per_page, filter: sanitized_filter_param)
@repos, @incompatible_repos = @collection.partition { |repo| repo.valid? }
# Use the import URL to filter beyond what BaseService#find_already_added_projects
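Review bot: `sanitize` is an HTML sanitizer, and the value it produces here is a query term handed to `bitbucket_client.repos(filter: ...)`, where markup is not the hazard and the sanitizer's serialization changes legitimate text: Loofah entity-encodes `&`, `<` and `>` in text nodes, so a filter such as `a&b` reaches the Bitbucket Server API as `a&amp;b` and silently matches nothing. If the goal is to neutralize a reflected value, HTML-escaping at the point of output (which the form helper already does) is the right layer, and the API call should receive the raw string. Note also that `params[:filter]` is not constrained to a String in this action (`validate_import_params` runs only for `create`), so a `filter[]=x` query would reach `sanitize` as an Array — I have not verified how the sanitizer reacts to that, but a `params[:filter].to_s` or an explicit `String`-type check before the call would make the behaviour predictable. The body of `status` continues past the end of this hunk.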
@@ -147,4 +149,8 @@ class Import::BitbucketServerController < Import::BaseController
def limit_per_page
BitbucketServer::Paginator::PAGE_LENGTH
end
+
+ def sanitized_filter_param
+ sanitize(params[:filter])
+ end
end
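Review bot: The new `sanitized_filter_param` helper carries no comment saying why a search term is HTML-sanitized or what callers get back, which matters because `sanitize` returns an `ActiveSupport::SafeBuffer` marked `html_safe` (and `nil` when the param is absent), so anything that later interpolates this value into a view bypasses the normal escaping. I would add above the method: `# Strips HTML from the user-supplied project filter before it is passed to the Bitbucket Server client. Returns an html_safe SafeBuffer, or nil when no filter was given.` If the intent is to stop reflected markup rather than to change what is sent to the API, say so in the comment, since the two goals pull in different directions here.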
diff --git a/app/views/import/bitbucket_server/status.html.haml b/app/views/import/bitbucket_server/status.html.haml
index 1218462577a..aac09801d91 100644
--- a/app/views/import/bitbucket_server/status.html.haml
+++ b/app/views/import/bitbucket_server/status.html.haml
@@ -23,7 +23,7 @@
.input-btn-group.float-right
= form_tag status_import_bitbucket_server_path, :method => 'get' do
- = text_field_tag :filter, params[:filter], class: 'form-control append-bottom-10', placeholder: _('Filter your projects by name'), size: 40, autoFocus: true
+ = text_field_tag :filter, sanitize(params[:filter]), class: 'form-control append-bottom-10', placeholder: _('Filter your projects by name'), size: 40, autoFocus: true
.table-responsive.prepend-top-10
%table.table.import-jobs
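Review bot: Wrapping the field value in `sanitize(...)` on L53 weakens rather than strengthens the attribute escaping: `text_field_tag` HTML-escapes a plain `params[:filter]` when it renders the `value` attribute, but `sanitize` returns an `html_safe` string, and as far as I recall the tag helper skips escaping for `html_safe` attribute values (it only rewrites `"` to `&quot;`). The safety of the rendered attribute then rests on the sanitizer's serialization instead of on the standard attribute escaping, which is a more fragile chain for no gain. I would keep the view as `= text_field_tag :filter, params[:filter], class: 'form-control append-bottom-10', placeholder: _('Filter your projects by name'), size: 40, autoFocus: true` and leave any sanitization to the controller, where it is already applied.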