Restore rev param validation that was removed in r2840.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4542 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2010-12-18 18:37:49 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2010-12-18 18:37:49 +0000
commit: 84dd413f22b9a3900ceaa33d63758f285908ecb1 (patch)
tree: 1a4b1c2190198d2f8ad5b524aeafa04f396d89f9 /app
parent: f7529c94f651fef7d42c4cb609890de5a2ec9ea5 (diff)
download: redmine-84dd413f22b9a3900ceaa33d63758f285908ecb1.tar.gz
redmine-84dd413f22b9a3900ceaa33d63758f285908ecb1.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index b6dcc3173..03fb69bd6 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -196,7 +196,10 @@ class RepositoriesController < ApplicationController
     end
   end
   
-private
+  private
+
+  REV_PARAM_RE = %r{^[a-f0-9]*$}i
+
   def find_repository
     @project = Project.find(params[:id])
     @repository = @project.repository
@@ -205,6 +208,12 @@ private
     @path ||= ''
     @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].strip
     @rev_to = params[:rev_to]
+    
+    unless @rev.to_s.match(REV_PARAM_RE) && @rev.to_s.match(REV_PARAM_RE)
+      if @repository.branches.blank?
+        raise InvalidRevisionParam
+      end
+    end
   rescue ActiveRecord::RecordNotFound
     render_404
   rescue InvalidRevisionParam
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2010-12-18 18:37:49 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2010-12-18 18:37:49 +0000
commit	84dd413f22b9a3900ceaa33d63758f285908ecb1 (patch)
tree	1a4b1c2190198d2f8ad5b524aeafa04f396d89f9 /app
parent	f7529c94f651fef7d42c4cb609890de5a2ec9ea5 (diff)
download	redmine-84dd413f22b9a3900ceaa33d63758f285908ecb1.tar.gz redmine-84dd413f22b9a3900ceaa33d63758f285908ecb1.zip