add patch for cve-2016-9469

This commit is contained in:
Praveen Arimbrathodiyil 2016-12-05 11:53:48 +05:30
parent 41d8f78b21
commit f0360bd323
2 changed files with 32 additions and 0 deletions

31
debian/patches/cve-2016-9469.diff vendored Normal file
View file

@ -0,0 +1,31 @@
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index e42d5af..2c9412b 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -7,7 +7,7 @@
# current_user - which user use
# params:
# scope: 'created-by-me' or 'assigned-to-me' or 'all'
-# state: 'open' or 'closed' or 'all'
+# state: 'opened' or 'closed' or 'all'
# group_id: integer
# project_id: integer
# milestone_title: string
@@ -183,10 +183,13 @@ class IssuableFinder
end
def by_state(items)
- params[:state] ||= 'all'
-
- if items.respond_to?(params[:state])
- items.public_send(params[:state])
+ case params[:state].to_s
+ when 'closed'
+ items.closed
+ when 'merged'
+ items.respond_to?(:merged) ? items.merged : items.closed
+ when 'opened'
+ items.opened
else
items
end

View file

@ -8,3 +8,4 @@ source-init-functions.patch
pid-log-paths.patch
052-relax-grape.patch
0200-remove-order-dependency-in-label-finder-spec.patch
cve-2016-9469.diff