Commit 4724afa0 authored by Jasper Maes's avatar Jasper Maes

Actually set raise_on_unfiltered_parameters to true

parent c46b8e96
......@@ -4,19 +4,19 @@ class Projects::LfsLocksApiController < Projects::GitHttpClientController
include LfsRequest
def create
@result = Lfs::LockFileService.new(project, user, params).execute
@result = Lfs::LockFileService.new(project, user, lfs_params).execute
render_json(@result[:lock])
end
def unlock
@result = Lfs::UnlockFileService.new(project, user, params).execute
@result = Lfs::UnlockFileService.new(project, user, lfs_params).execute
render_json(@result[:lock])
end
def index
@result = Lfs::LocksFinderService.new(project, user, params).execute
@result = Lfs::LocksFinderService.new(project, user, lfs_params).execute
render_json(@result[:locks])
end
......@@ -69,4 +69,8 @@ class Projects::LfsLocksApiController < Projects::GitHttpClientController
def upload_request?
%w(create unlock verify).include?(params[:action])
end
def lfs_params
params.permit(:id, :path, :force)
end
end
......@@ -32,7 +32,7 @@ module MembersHelper
end
def filter_group_project_member_path(options = {})
options = params.slice(:search, :sort).merge(options)
options = params.slice(:search, :sort).merge(options).permit!
"#{request.path}?#{options.to_param}"
end
end
......@@ -5,7 +5,7 @@ module Projects
include Gitlab::Utils::StrongMemoize
def initialize(user, params)
@current_user, @params = user, params.dup
@current_user, @params = user, params.to_h.dup
end
def execute
......
---
title: Actually set raise_on_unfiltered_parameters to true
merge_request: 24443
author: Jasper Maes
type: other
......@@ -162,6 +162,9 @@ module Gitlab
config.action_view.sanitized_allowed_protocols = %w(smb)
# Can be removed once upgraded to Rails 5.1 or higher
config.action_controller.raise_on_unfiltered_parameters = true
# Nokogiri is significantly faster and uses less memory than REXML
ActiveSupport::XmlMini.backend = 'Nokogiri'
......
......@@ -8,8 +8,6 @@
#
# Read the Guide for Upgrading Ruby on Rails for more info on each option.
Rails.application.config.action_controller.raise_on_unfiltered_parameters = true
# Enable per-form CSRF tokens. Previous versions had false.
Rails.application.config.action_controller.per_form_csrf_tokens = false
......
......@@ -132,6 +132,17 @@ describe 'Git LFS File Locking API' do
expect(json_response['lock'].keys).to match_array(%w(id path locked_at owner))
end
context 'when a maintainer uses force' do
let(:authorization) { authorize_user(maintainer) }
it 'deletes the lock' do
project.add_maintainer(maintainer)
post_lfs_json url, { force: true }, headers
expect(response).to have_gitlab_http_status(200)
end
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment