From 54d022f0323e5689b5419f2ac993ae6d83ad4baa Mon Sep 17 00:00:00 2001
From: Heitor Reis
Date: Thu, 11 Jun 2015 12:07:13 -0300
Subject: [PATCH] Whitelisted Repository branches parameters
---
 app/controllers/repositories_controller.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 24b008d..282219f 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -85,7 +85,8 @@ class RepositoriesController < ApplicationController
 end
 
 def branches
- branches_list = Repository.branches(params[:url], params[:scm_type])
+ branch_params = branches_params
+ branches_list = Repository.branches(branch_params[:url], branch_params[:scm_type])
 
 respond_to do |format|
 format.json { render json: branches_list }
@@ -127,6 +128,10 @@ private
 params[:repository]
 end
 
+ def branches_params
+ params.permit(:scm_type, :url)
+ end
+
 # Code extracted from create action
 def create_and_redir(format)
 if @repository.save
-- 
libgit2 0.21.2
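Review bot: `branch_params[:url]` and `branch_params[:scm_type]` still reach `Repository.branches` with whatever values the request supplied, because `permit` restricts which keys are accepted and not what they contain. If `Repository.branches` contacts the given URL to list branches (its body is not visible here, so this is an assumption), any caller of this action can make the server connect to an address of their choosing. The action should therefore check the values before the call, for example `return head :bad_request unless SUPPORTED_SCM_TYPES.include?(branch_params[:scm_type]) && branch_params[:url].present?`, where `SUPPORTED_SCM_TYPES` is a placeholder for the project's own list, together with a scheme and host check on the URL. The local `branch_params` differs from the method `branches_params` by one letter; a name such as `permitted` would be harder to misread. The `branches` action continues past the end of this hunk.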
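Review bot: `branches_params` has no comment saying what it does and does not guarantee, and a reader could take the whitelist for input validation. I would add above it `# Keeps only :scm_type and :url, dropping array/hash values; either key may come back nil and the values are not validated.` Because `permit` is called on the top-level `params`, routing keys such as `format` may be reported as unpermitted depending on the Rails version and the `action_on_unpermitted_parameters` setting, so it is worth confirming that this does not raise in test or development.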