Escape user supplied code before inserting as a POST parameter (!620) · Merge requests · GitLab.org / gitlab-pages · GitLab

Joern Schneeweisz requested to merge joernchen-master-patch-26405 into master Nov 16, 2021

What does this MR do?

The code parameter should be escaped before being inserted into POST query parameters. This MR fixes a non-exploitable parameter injection.

TODO

I added the Changelog trailer (e.g. Changelog: feature) to the commits that need to be included in the changelog
I added unit tests or they are not required
I added acceptance tests or they are not required
I added documentation (or it's not required)
I followed code review guidelines
I followed Go Style guidelines

Edited Nov 17, 2021 by Joern Schneeweisz