diff options
Diffstat (limited to 'app/controllers/projects/commits_controller.rb')
-rw-r--r-- | app/controllers/projects/commits_controller.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb index e40a1a1d744..2510a31c9b3 100644 --- a/app/controllers/projects/commits_controller.rb +++ b/app/controllers/projects/commits_controller.rb @@ -11,6 +11,7 @@ class Projects::CommitsController < Projects::ApplicationController before_action :require_non_empty_project before_action :assign_ref_vars, except: :commits_root before_action :authorize_download_code! + before_action :validate_ref!, except: :commits_root before_action :set_commits, except: :commits_root def commits_root @@ -54,6 +55,10 @@ class Projects::CommitsController < Projects::ApplicationController private + def validate_ref! + render_404 unless valid_ref?(@ref) + end + def set_commits render_404 unless @path.empty? || request.format == :atom || @repository.blob_at(@commit.id, @path) || @repository.tree(@commit.id, @path).entries.present? @limit, @offset = (params[:limit] || 40).to_i, (params[:offset] || 0).to_i |