diff options
| -rw-r--r-- | app/controllers/projects/registry/tags_controller.rb | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/projects/registry/tags_controller.rb b/app/controllers/projects/registry/tags_controller.rb index 633a7865cfe..54e2faa2dd7 100644 --- a/app/controllers/projects/registry/tags_controller.rb +++ b/app/controllers/projects/registry/tags_controller.rb @@ -5,6 +5,8 @@ module Projects class TagsController < ::Projects::Registry::ApplicationController before_action :authorize_destroy_container_image!, only: [:destroy] + LIMIT = 15 + def index respond_to do |format| format.json do @@ -34,7 +36,13 @@ module Projects return end - @tags = (params[:ids] || []).map { |tag_name| image.tag(tag_name) } + tag_names = params[:ids] || [] + if tag_names.size > LIMIT + head :bad_request + return + end + + @tags = tag_names.map { |tag_name| image.tag(tag_name) } unless @tags.all? { |tag| tag.valid_name? } head :bad_request return @@ -55,7 +63,7 @@ module Projects private def tags - Kaminari::PaginatableArray.new(image.tags, limit: 15) + Kaminari::PaginatableArray.new(image.tags, limit: LIMIT) end def image |