Commit 54d022f0323e5689b5419f2ac993ae6d83ad4baa
1 parent
3bb92e40
Exists in
colab
and in
4 other branches
Whitelisted Repository branches parameters
Signed-off-by: Pedro Scocco <pedroscocco@gmail.com>
Showing
1 changed file
with
6 additions
and
1 deletions
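--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -85,7 +85,8 @@ class RepositoriesController < ApplicationController
 end
 
 def branches
-branches_list = Repository.branches(params[:url], params[:scm_type])
+branch_params = branches_params
+branches_list = Repository.branches(branch_params[:url], branch_params[:scm_type])
 
 respond_to do |format|
 format.json { render json: branches_list }
@@ -127,6 +128,10 @@ private
 params[:repository]
 end
 
+def branches_params
+params.permit(:scm_type, :url)
+end
+
 # Code extracted from create action
 def create_and_redir(format)
 if @repository.save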
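Review bot: `branches_params` limits the request to scalar `:scm_type` and `:url` keys, but nothing checks their values before `branches` passes them to `Repository.branches`, so the action still acts on whatever URL and SCM type the client sends. `Repository.branches` is not visible on this page; if it contacts the URL or invokes an SCM client, the action should reject unsupported types and URL schemes first, e.g. `return head :unprocessable_entity unless ALLOWED_SCM_TYPES.include?(branch_params[:scm_type])`, where `ALLOWED_SCM_TYPES` is a placeholder for the project's own list. A one-line comment above `branches_params`, such as `# Only scalar :scm_type and :url are accepted; values are not validated here`, would keep the permit call from being read as input validation. The body of `branches` continues past the end of the first hunk.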