[Rails5] Fix app/views/groups/issues.html.haml
Note: add
rails5
to a branch name to trigger rails5 specific CI jobs.
https://gitlab.com/gitlab-org/gitlab-ce/-/jobs/67500065
1.1) Failure/Error: = link_to params.merge(rss_url_options), class: 'btn' do
ActionView::Template::Error:
Attempting to generate a URL from non-sanitized request parameters! An attacker can inject malicious data into the generated URL, such as changing the host. Whitelist and sanitize passed parameters to be secure.
# ./app/views/groups/issues.html.haml:11:in `_app_views_groups_issues_html_haml___3929645445102151774_186030680'
# ./lib/gitlab/i18n.rb:50:in `with_locale'
# ./lib/gitlab/i18n.rb:56:in `with_user_locale'
# ./app/controllers/application_controller.rb:351:in `set_locale'
# ./lib/gitlab/middleware/multipart.rb:95:in `call'
# ./lib/gitlab/request_profiler/middleware.rb:14:in `call'
# ./lib/gitlab/query_limiting/middleware.rb:17:in `block in call'
# ./lib/gitlab/query_limiting/transaction.rb:37:in `run'
# ./lib/gitlab/query_limiting/middleware.rb:16:in `call'
# ./lib/gitlab/middleware/go.rb:17:in `call'
# ./lib/gitlab/etag_caching/middleware.rb:11:in `call'
# ./lib/gitlab/middleware/read_only/controller.rb:28:in `call'
# ./lib/gitlab/middleware/read_only.rb:16:in `call'
# ./lib/gitlab/request_context.rb:18:in `call'
# ./config/initializers/fix_local_cache_middleware.rb:9:in `call'
# ./lib/gitlab/middleware/static.rb:9:in `call'
# ./lib/gitlab/testing/request_inspector_middleware.rb:31:in `call'
# ./lib/gitlab/testing/request_blocker_middleware.rb:45:in `call'
# ./lib/gitlab/metrics/requests_rack_middleware.rb:27:in `call'
# ------------------
# --- Caused by: ---
# ArgumentError:
# Attempting to generate a URL from non-sanitized request parameters! An attacker can inject malicious data into the generated URL, such as changing the host. Whitelist and sanitize passed parameters to be secure.
# ./app/views/groups/issues.html.haml:11:in `_app_views_groups_issues_html_haml___3929645445102151774_186030680'
params
has to be replaced with safe_params
in
link_to params.merge(rss_url_options), class: 'btn' do