diff options
| author | Sean McGivern <sean@gitlab.com> | 2018-01-15 17:49:27 +0300 |
|---|---|---|
| committer | Sean McGivern <sean@gitlab.com> | 2018-01-16 14:56:07 +0300 |
| commit | 82f4564fb7dc57a9a7bb6a052926ee219bb29b13 (patch) | |
| tree | 47ba9aacaa5ca1be77a97800021d2c3821dd0799 /app/models | |
| parent | 1df5c74fc94a0fbeb7b89b7e10655626b58a5bc6 (diff) | |
Fix project search results for digits surrounded by colons
A file containing /:\d+:/ in its contents would break the search results if
those contents were part of the results, because we were splitting on colons,
which can't work with untrusted input.
Changing to use the null byte as a separator is much safer.
Diffstat (limited to 'app/models')
| -rw-r--r-- | app/models/repository.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/repository.rb b/app/models/repository.rb index 2ffd9558ebc..66869d0539b 100644 --- a/app/models/repository.rb +++ b/app/models/repository.rb @@ -932,7 +932,7 @@ class Repository return [] if empty? || query.blank? offset = 2 - args = %W(grep -i -I -n --before-context #{offset} --after-context #{offset} -E -e #{Regexp.escape(query)} #{ref || root_ref}) + args = %W(grep -i -I -n -z --before-context #{offset} --after-context #{offset} -E -e #{Regexp.escape(query)} #{ref || root_ref}) run_git(args).first.scrub.split(/^--$/) end |