diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:12 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:12 +0300 |
commit | a0043682b500ce39ff4eba00e8c1cecc64819ea1 (patch) | |
tree | 9c0f3d058052f42075ebbee9ae827023829efeec /app/models | |
parent | af84dec405c3f8d13220ee3f98eb4b2f0276a93d (diff) | |
parent | 20cb4f7ab567062fd67ccd40cd29ff1d2e85d8f0 (diff) |
Merge branch 'security-bvl-validate-force-remove-branch-on-mrs-ce' into 'master'
Only assign merge params when allowed
See merge request gitlab/gitlabhq!3458
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/merge_request.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb index cd8ede3905a..67f666a89b2 100644 --- a/app/models/merge_request.rb +++ b/app/models/merge_request.rb @@ -69,6 +69,14 @@ class MergeRequest < ApplicationRecord has_many :merge_request_assignees has_many :assignees, class_name: "User", through: :merge_request_assignees + KNOWN_MERGE_PARAMS = [ + :auto_merge_strategy, + :should_remove_source_branch, + :force_remove_source_branch, + :commit_message, + :squash_commit_message, + :sha + ].freeze serialize :merge_params, Hash # rubocop:disable Cop/ActiveRecordSerialize after_create :ensure_merge_request_diff |