author | Stan Hu <stanhu@gmail.com> | 2018-10-08 09:16:45 +0300 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-10-08 23:32:31 +0300 |
commit | 22d7c1379fea684dc09e9347e134741fb6b5b2c6 (patch) | |
tree | f9f818bc18c9612f38410353ff018230df8f28db /app | |
parent | c3389c8006443e2b4d994eb15e60bd249fc4732f (diff) |
Reject invalid branch names in repository compare controller
Closes #51003
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/compare_controller.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb
index c2df7b34f90..2917925947f 100644
--- a/app/controllers/projects/compare_controller.rb
+++ b/app/controllers/projects/compare_controller.rb
@@ -16,6 +16,8 @@ class Projects::CompareController < Projects::ApplicationController
 before_action :define_diff_notes_disabled, only: [:show, :diff_for_path]
 before_action :define_commits, only: [:show, :diff_for_path, :signatures]
 before_action :merge_request, only: [:index, :show]
+ # Validation
+ before_action :validate_refs!
 def index
 end
@@ -63,6 +65,21 @@ class Projects::CompareController < Projects::ApplicationController
 private
+ def valid_ref?(ref_name)
+ return true unless ref_name.present?
+
+ Gitlab::GitRefValidator.validate(ref_name)
+ end
+
+ def validate_refs!
+ valid = [head_ref, start_ref].map { |ref| valid_ref?(ref) }
+
+ return if valid.all?
+
+ flash[:alert] = "Invalid branch name"
+ redirect_to project_compare_index_path(@project)
+ end
+
 def compare
 return @compare if defined?(@compare) |
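Review bot: `before_action :validate_refs!` is registered after `define_commits` and `merge_request`, and Rails runs callbacks in declaration order, so those callbacks execute before the ref check. If either of them resolves `head_ref` or `start_ref` (their bodies are outside this hunk), an invalid name still reaches that code first and the new check only fires afterwards. Moving the line above the ivar-defining callbacks, while keeping it after any authorization callbacks, would make the rejection happen before the refs are used. The `# Validation` comment could then state the intent, for example `# Reject malformed ref names before any callback resolves them`.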
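Review bot: `valid_ref?` has no comment explaining why a blank ref counts as valid, and the flash text says "Invalid branch name" although the helper is named for refs in general; a one-line comment such as `# Blank refs pass so the compare page can render with no refs selected` (to be confirmed against the callers) would record the intent. `validate_refs!` is registered without `only:`, so the redirect and flash also apply to `diff_for_path` and `signatures`, which look like non-HTML endpoints from their names; that response shape is worth checking. The `map` followed by `all?` can be a single call, `return if [head_ref, start_ref].all? { |ref| valid_ref?(ref) }`. What `Gitlab::GitRefValidator.validate` rejects is not visible in this hunk, so a controller spec with a malformed ref would pin the behaviour this commit relies on.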