Do not pass unsanitized params to issue move service

author: Grzegorz Bizon <grzesiek.bizon@gmail.com> 2016-02-24 11:52:02 +0100
committer: Grzegorz Bizon <grzesiek.bizon@gmail.com> 2016-03-17 07:39:15 +0100
commit: 57eb39548879109dff3813129fca7acbcca23f71 (patch)
tree: 1200e14d9cc92072a44d86fd05415cb8e500849c /app/services/issues
parent: 4cbe87d50ecfad9b97ba76f05935124676c96052 (diff)
download: gitlab-ce-57eb39548879109dff3813129fca7acbcca23f71.tar.gz
1 files changed, 2 insertions, 5 deletions
diff --git a/app/services/issues/move_service.rb b/app/services/issues/move_service.rb
index bba972382d9..55239d566f1 100644
--- a/app/services/issues/move_service.rb
+++ b/app/services/issues/move_service.rb
@@ -1,15 +1,12 @@
 module Issues
   class MoveService < Issues::BaseService
-    def initialize(project, current_user, params, issue)
+    def initialize(project, current_user, params, issue, new_project_id)
       super(project, current_user, params)
 
       @issue_old = issue
       @issue_new = @issue_old.dup
       @project_old = @project
-
-      if params['move_to_project_id']
-        @project_new = Project.find(params['move_to_project_id'])
-      end
+      @project_new = Project.find(new_project_id) if new_project_id
     end
 
     def execute
author	Grzegorz Bizon <grzesiek.bizon@gmail.com>	2016-02-24 11:52:02 +0100
committer	Grzegorz Bizon <grzesiek.bizon@gmail.com>	2016-03-17 07:39:15 +0100
commit	57eb39548879109dff3813129fca7acbcca23f71 (patch)
tree	1200e14d9cc92072a44d86fd05415cb8e500849c /app/services/issues
parent	4cbe87d50ecfad9b97ba76f05935124676c96052 (diff)
download	gitlab-ce-57eb39548879109dff3813129fca7acbcca23f71.tar.gz