Commit 3a58cc15 by Marin Jankovski Committed by Jacob Vosmaer

Sanitize branch name and ref name

Conflicts:
	app/controllers/projects/branches_controller.rb
parent 9fb4724e
class Projects::BranchesController < Projects::ApplicationController
include ActionView::Helpers::SanitizeHelper
# Authorize
before_filter :authorize_read_project!
before_filter :require_non_empty_project
......@@ -17,8 +18,10 @@ class Projects::BranchesController < Projects::ApplicationController
end
def create
branch_name = sanitize(strip_tags(params[:branch_name]))
ref = sanitize(strip_tags(params[:ref]))
result = CreateBranchService.new(project, current_user).
execute(params[:branch_name], params[:ref])
execute(branch_name, ref)
if result[:status] == :success
@branch = result[:branch]
redirect_to project_tree_path(@project, @branch.name)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment