Validate user id for users select autcompletedz-fix-user-select

Single user autcomplete should be used only for existing users with digital ID provided. Now js code puts any input into generating user URL which can lead to 500 error because routing like this does not exists: GET "/autocomplete/users/whatever@example.com.json". Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-10-14 16:04:23 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2016-10-14 16:04:23 +0300
commit: c736ffdfb043df34a89273639297cfc86d2d5f88 (patch)
tree: 9c3585ae7d50eddfaae320fe7c3dc139f6eebcff /app
parent: 48d223d7c944b99d6aca960a9e10ffe6e7f7cb78 (diff)
download: gitlab-ce-c736ffdfb043df34a89273639297cfc86d2d5f88.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/app/assets/javascripts/users_select.js b/app/assets/javascripts/users_select.js
index 6aa0e1cd2b6..3020b7cc239 100644
--- a/app/assets/javascripts/users_select.js
+++ b/app/assets/javascripts/users_select.js
@@ -325,6 +325,10 @@
     };
 
     UsersSelect.prototype.user = function(user_id, callback) {
+      if(!/^\d+$/.test(user_id)) {
+        return false;
+      }
+
       var url;
       url = this.buildUrl(this.userPath);
       url = url.replace(':id', user_id);
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2016-10-14 16:04:23 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2016-10-14 16:04:23 +0300
commit	c736ffdfb043df34a89273639297cfc86d2d5f88 (patch)
tree	9c3585ae7d50eddfaae320fe7c3dc139f6eebcff /app
parent	48d223d7c944b99d6aca960a9e10ffe6e7f7cb78 (diff)
download	gitlab-ce-c736ffdfb043df34a89273639297cfc86d2d5f88.tar.gz