Commit 3a58cc15 authored by Marin Jankovski's avatar Marin Jankovski Committed by Jacob Vosmaer

Sanitize branch name and ref name

parent 9fb4724e
class Projects::BranchesController < Projects::ApplicationController
include ActionView::Helpers::SanitizeHelper
# Authorize
before_filter :authorize_read_project!
before_filter :require_non_empty_project
......@@ -17,8 +18,10 @@ class Projects::BranchesController < Projects::ApplicationController
def create
branch_name = sanitize(strip_tags(params[:branch_name]))
ref = sanitize(strip_tags(params[:ref]))
result =, current_user).
execute(params[:branch_name], params[:ref])
execute(branch_name, ref)
if result[:status] == :success
@branch = result[:branch]
redirect_to project_tree_path(@project,
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment