Add filter param sanitization
parent
94e1404c4b
commit
485b8b86ed
|
@ -1,6 +1,8 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class Import::BitbucketServerController < Import::BaseController
|
||||
include ActionView::Helpers::SanitizeHelper
|
||||
|
||||
before_action :verify_bitbucket_server_import_enabled
|
||||
before_action :bitbucket_auth, except: [:new, :configure]
|
||||
before_action :validate_import_params, only: [:create]
|
||||
|
@ -57,7 +59,7 @@ class Import::BitbucketServerController < Import::BaseController
|
|||
|
||||
# rubocop: disable CodeReuse/ActiveRecord
|
||||
def status
|
||||
@collection = bitbucket_client.repos(page_offset: page_offset, limit: limit_per_page, filter: params[:filter])
|
||||
@collection = bitbucket_client.repos(page_offset: page_offset, limit: limit_per_page, filter: sanitized_filter_param)
|
||||
@repos, @incompatible_repos = @collection.partition { |repo| repo.valid? }
|
||||
|
||||
# Use the import URL to filter beyond what BaseService#find_already_added_projects
|
||||
|
@ -147,4 +149,8 @@ class Import::BitbucketServerController < Import::BaseController
|
|||
def limit_per_page
|
||||
BitbucketServer::Paginator::PAGE_LENGTH
|
||||
end
|
||||
|
||||
def sanitized_filter_param
|
||||
sanitize(params[:filter])
|
||||
end
|
||||
end
|
||||
|
|
|
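Review bot: `sanitized_filter_param` runs an HTML sanitizer over a value that `status` forwards to `bitbucket_client.repos` as a search filter, so it strips markup but does not actually constrain what is sent to the Bitbucket Server API; if the intent is to restrict that input, a check on the string itself would be the fitting control, e.g. `params[:filter].to_s.strip` followed by a length limit and a character allowlist, rather than tag stripping. As far as I recall `SanitizeHelper#sanitize` also returns an `html_safe` string, which means any later view code rendering this value will skip escaping; either document that on the helper or return a plain String, e.g. `sanitize(params[:filter])&.to_str`. `status` continues outside the hunk, so other uses of the filter are not visible here.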
@ -23,7 +23,7 @@
|
|||
|
||||
.input-btn-group.float-right
|
||||
= form_tag status_import_bitbucket_server_path, :method => 'get' do
|
||||
= text_field_tag :filter, params[:filter], class: 'form-control append-bottom-10', placeholder: _('Filter your projects by name'), size: 40, autoFocus: true
|
||||
= text_field_tag :filter, sanitize(params[:filter]), class: 'form-control append-bottom-10', placeholder: _('Filter your projects by name'), size: 40, autoFocus: true
|
||||
|
||||
.table-responsive.prepend-top-10
|
||||
%table.table.import-jobs
|
||||
|
|
|
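Review bot: Wrapping the value in `sanitize` on the `text_field_tag :filter` line looks unnecessary and possibly counterproductive: `text_field_tag` already HTML-escapes the value attribute, whereas `sanitize` (as far as I recall) returns an `html_safe` string that the tag helper then emits without further escaping, leaving attribute safety to whatever the sanitizer does with `"` inside text. I would keep `= text_field_tag :filter, params[:filter], class: 'form-control append-bottom-10', placeholder: _('Filter your projects by name'), size: 40, autoFocus: true` and put any input restriction in the controller, or at least confirm that the sanitized output cannot contain an unencoded double quote in an attribute context.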
@ -32,8 +32,8 @@ Import your projects from Bitbucket Server to GitLab with minimal effort.
|
|||
1. Attachments in Markdown are currently not imported.
|
||||
1. Task lists are not imported.
|
||||
1. Emoji reactions are not imported
|
||||
1. Project filtering does not support fuzzy search (only starts with or full
|
||||
match strings are currently supported)
|
||||
1. Project filtering does not support fuzzy search (only `starts with` or `full
|
||||
match strings` are currently supported)
|
||||
|
||||
## How it works
|
||||
|
||||
|
|