Diffstat (limited to 'app/controllers/projects/refs_controller.rb')
-rw-r--r--app/controllers/projects/refs_controller.rb10
1 files changed, 7 insertions, 3 deletions
diff --git a/app/controllers/projects/refs_controller.rb b/app/controllers/projects/refs_controller.rb
index 73eb6bb2bf2..b070f9419fc 100644
--- a/app/controllers/projects/refs_controller.rb
+++ b/app/controllers/projects/refs_controller.rb
@@ -18,7 +18,7 @@ class Projects::RefsController < Projects::ApplicationController
respond_to do |format|
format.html do
new_path =
- case params[:destination]
+ case permitted_params[:destination]
when "tree"
project_tree_path(@project, @id)
when "blob"
@@ -45,7 +45,7 @@ class Projects::RefsController < Projects::ApplicationController
def logs_tree
tree_summary = ::Gitlab::TreeSummary.new(
@commit, @project, current_user,
- path: @path, offset: params[:offset], limit: 25)
+ path: @path, offset: permitted_params[:offset], limit: 25)
respond_to do |format|
format.html { render_404 }
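Review bot: `permitted_params[:offset]` in `logs_tree` still reaches `::Gitlab::TreeSummary.new` as a raw request string, because `permit` only restricts the value to a scalar and does not make it a non-negative integer. Unless `TreeSummary` coerces and bounds it itself (not visible in this hunk), normalise it at the controller boundary, for example `offset: [permitted_params[:offset].to_i, 0].max`. If the coercion does happen downstream, a short comment saying so would spare the next reader the lookup. The body of `logs_tree` continues past the end of the hunk.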
@@ -62,6 +62,10 @@ class Projects::RefsController < Projects::ApplicationController
private
def validate_ref_id
- return not_found! if params[:id].present? && params[:id] !~ Gitlab::PathRegex.git_reference_regex
+ return not_found if permitted_params[:id].present? && permitted_params[:id] !~ Gitlab::PathRegex.git_reference_regex
+ end
+
+ def permitted_params
+ params.permit(:id, :offset, :destination)
end
end
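Review bot: `permitted_params` runs `params.permit` again on every call, and `validate_ref_id` alone calls it twice; memoising it keeps one filtered object per request: `@permitted_params ||= params.permit(:id, :offset, :destination)`. Separately, the guard now returns `not_found` instead of `not_found!`. If `validate_ref_id` runs as a before-action, rejecting a malformed `id` depends on `not_found` actually rendering a response so the callback chain halts; neither the callback registration nor that helper is visible here, so this is worth confirming with a request spec that sends an invalid ref. A one-line comment on `permitted_params` should state that it only narrows these keys to scalar values and that format validation of `id` stays in `validate_ref_id`.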