Diffstat (limited to 'app/controllers/projects/commits_controller.rb')
-rw-r--r-- | app/controllers/projects/commits_controller.rb | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb
index 1ca35903703..82a13b60b13 100644
--- a/app/controllers/projects/commits_controller.rb
+++ b/app/controllers/projects/commits_controller.rb
@@ -67,11 +67,11 @@ class Projects::CommitsController < Projects::ApplicationController
 def set_commits
 render_404 unless @path.empty? || request.format == :atom || @repository.blob_at(@commit.id, @path) || @repository.tree(@commit.id, @path).entries.present?
- limit = params[:limit].to_i
+ limit = permitted_params[:limit].to_i
 @limit = limit > 0 ? limit : COMMITS_DEFAULT_LIMIT # limit can only ever be a positive number
- @offset = (params[:offset] || 0).to_i
- search = params[:search]
- author = params[:author]
+ @offset = (permitted_params[:offset] || 0).to_i
+ search = permitted_params[:search]
+ author = permitted_params[:author]
 @commits = if search.present?
@@ -87,4 +87,8 @@ class Projects::CommitsController < Projects::ApplicationController
 @commits = @commits.with_latest_pipeline(@ref)
 @commits = set_commits_for_rendering(@commits)
 end
+
+ def permitted_params
+ params.permit(:limit, :offset, :search, :author)
+ end
 end |
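Review bot: `@limit` still has no upper bound and `@offset` no lower bound in the first hunk: `permitted_params[:limit].to_i` accepts any positive integer and `(permitted_params[:offset] || 0).to_i` accepts a negative one. Permitting the keys as scalars keeps Array and Hash values away from `.to_i`, `search` and `author`, but it does not constrain the numbers. Unless a cap is applied further down in `set_commits` (its body continues outside the hunk), the client decides how many commits a single request loads. Consider `@limit = limit > 0 ? [limit, MAX_LIMIT_PLACEHOLDER].min : COMMITS_DEFAULT_LIMIT`, where `MAX_LIMIT_PLACEHOLDER` stands for a maximum the project would define, and `@offset = [permitted_params[:offset].to_i, 0].max`.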
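Review bot: `permitted_params` in the second hunk builds a new filtered parameters object on every call, and `set_commits` calls it four times. Memoizing it with `@permitted_params ||= params.permit(:limit, :offset, :search, :author)`, or reading it into a local once, keeps the allow-list evaluated once per request. The hunk does not show whether the method sits below a `private` marker (the class body starts outside the hunk); if it does not, it should, because public controller methods are treated as actions. A one-line comment such as `# Scalar-only allow-list for the commit list query string; nested values are dropped.` would record why the filter exists.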