root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
gitlab-ce/app/controllers/groups
History
blackst0ne 350e26b8a6 [Rails5] Use `safe_params` instead of `params` in `url_for` helpers 
This commits replaces `params` with `safe_params` in `url_for` helpers
to resolve security issues [1] and failing specs with the

```
ArgumentError:
  Attempting to generate a URL from non-sanitized request parameters!
  An attacker can inject malicious data into the generated URL, such as
  changing the host. Whitelist and sanitize passed parameters to be secure.
```

error.

[1]: https://gitlab.com/gitlab-org/gitlab-ce/issues/45168
 		2018-04-28 21:35:16 +11:00
..
settings Projects and groups badges settings UI 2018-04-08 10:20:05 +00:00
application_controller.rb [Rails5] Use `safe_params` instead of `params` in `url_for` helpers 2018-04-28 21:35:16 +11:00
avatars_controller.rb Port `read_cross_project` ability from EE 2018-02-22 17:11:36 +01:00
boards_controller.rb Bring one group board to CE 2018-03-03 12:56:17 -03:00
children_controller.rb Port `read_cross_project` ability from EE 2018-02-22 17:11:36 +01:00
group_members_controller.rb [Rails5] Rename `sort` methods to `sort_by_attribute` 2018-04-04 09:19:47 +00:00
labels_controller.rb Bring one group board to CE 2018-03-03 12:56:17 -03:00
milestones_controller.rb Show issues of subgroups in group-level issue board 2018-04-05 14:58:49 -03:00
uploads_controller.rb port of 594e6a0a625^..f74c90f68c6 2018-02-01 12:14:46 -05:00
variables_controller.rb Resolve "Make a Rubocop that forbids returning from a block" 2018-04-18 09:19:40 +00:00