Commit 3a58cc15 authored by Marin Jankovski's avatar Marin Jankovski Committed by Jacob Vosmaer

Sanitize branch name and ref name

Conflicts:
	app/controllers/projects/branches_controller.rb
parent 9fb4724e
class Projects::BranchesController < Projects::ApplicationController class Projects::BranchesController < Projects::ApplicationController
include ActionView::Helpers::SanitizeHelper
# Authorize # Authorize
before_filter :authorize_read_project! before_filter :authorize_read_project!
before_filter :require_non_empty_project before_filter :require_non_empty_project
...@@ -17,8 +18,10 @@ class Projects::BranchesController < Projects::ApplicationController ...@@ -17,8 +18,10 @@ class Projects::BranchesController < Projects::ApplicationController
end end
def create def create
branch_name = sanitize(strip_tags(params[:branch_name]))
ref = sanitize(strip_tags(params[:ref]))
result = CreateBranchService.new(project, current_user). result = CreateBranchService.new(project, current_user).
execute(params[:branch_name], params[:ref]) execute(branch_name, ref)
if result[:status] == :success if result[:status] == :success
@branch = result[:branch] @branch = result[:branch]
redirect_to project_tree_path(@project, @branch.name) redirect_to project_tree_path(@project, @branch.name)
......
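Review bot: The `sanitize(strip_tags(...))` calls added at the top of `create` apply an HTML sanitizer where a git ref-name check is needed: they rewrite instead of reject, so a name containing `&` or `<` is entity-encoded (`feature&fix` becomes `feature&amp;fix`) and a branch with the altered name is created, while input git itself refuses (`..`, `~`, `^`, `:`, a leading `-`, control characters) passes through unchanged. The returned values are also html_safe `SafeBuffer`s, which `CreateBranchService` and the views that later print the branch name presumably do not expect — worth confirming. Validating the raw params against the rules of `git check-ref-format` and refusing the request on failure would cover both problems, e.g. `return redirect_to(project_branches_path(@project), alert: 'Invalid branch name') unless valid_ref_name?(params[:branch_name]) && valid_ref_name?(params[:ref])` with `valid_ref_name?` as a private helper to be added. Whether a missing param (nil) is rejected before reaching the service is not established by the hunk either, since `strip_tags(nil)` behaviour depends on the Rails version. The `create` body continues past the visible lines (the hunk header counts one more line than is shown).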