Commit 54d022f0323e5689b5419f2ac993ae6d83ad4baa

Authored by Heitor
1 parent 3bb92e40

Whitelisted Repository branches parameters

Signed-off-by: Pedro Scocco <pedroscocco@gmail.com>
Showing 1 changed file with 6 additions and 1 deletions
app/controllers/repositories_controller.rb
... ... @@ -85,7 +85,8 @@ class RepositoriesController &lt; ApplicationController
85 85 end
86 86  
87 87 def branches
88   - branches_list = Repository.branches(params[:url], params[:scm_type])
  88 + branch_params = branches_params
  89 + branches_list = Repository.branches(branch_params[:url], branch_params[:scm_type])
89 90  
90 91 respond_to do |format|
91 92 format.json { render json: branches_list }
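Review bot: The new call at line 89 still passes `branch_params[:url]` and `branch_params[:scm_type]` to `Repository.branches` exactly as the client sent them. `permit` restricts which keys (and only scalar values) get through, but it does not check content. If `Repository.branches` uses the URL to contact a remote repository, this JSON action lets a caller choose the destination, so I would check `scm_type` against the list of supported types and restrict `url` to the expected schemes before the call, and render an error for anything else. Minor style point: the `branch_params` local is only read twice on the next line; calling `branches_params` once and destructuring, or naming the local the same as the helper, would avoid the near-duplicate `branch_params` / `branches_params` names.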
... ... @@ -127,6 +128,10 @@ private
127 128 params[:repository]
128 129 end
129 130  
  131 + def branches_params
  132 + params.permit(:scm_type, :url)
  133 + end
  134 +
130 135 # Code extracted from create action
131 136 def create_and_redir(format)
132 137 if @repository.save
... ...
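Review bot: `branches_params` at lines 131-133 permits `:scm_type` and `:url` but does not require either, so a request that omits them makes `branches` call `Repository.branches(nil, nil)`. Consider failing early, for example with `params.require(:url)` ahead of the `permit`, or an explicit presence check that returns a 400, so the missing-parameter case is handled in the controller rather than inside `Repository.branches`. A short comment on the helper saying which action it serves would also help, since the neighbouring private helper just above it returns `params[:repository]` directly and the two now follow different conventions.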