From c736ffdfb043df34a89273639297cfc86d2d5f88 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Fri, 14 Oct 2016 16:04:23 +0300
Subject: Validate user id for users select autcomplete

Single user autcomplete should be used only for existing users with digital ID provided. Now js code puts any input into generating user URL which can lead to 500 error because routing like this does not exists: GET "/autocomplete/users/whatever@example.com.json".

Signed-off-by: Dmitriy Zaporozhets
---
 app/assets/javascripts/users_select.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/assets/javascripts/users_select.js b/app/assets/javascripts/users_select.js
index 6aa0e1cd2b6..3020b7cc239 100644
--- a/app/assets/javascripts/users_select.js
+++ b/app/assets/javascripts/users_select.js
@@ -325,6 +325,10 @@
 };
 UsersSelect.prototype.user = function(user_id, callback) {
+ if(!/^\d+$/.test(user_id)) {
+ return false;
+ }
+
 var url;
 url = this.buildUrl(this.userPath);
 url = url.replace(':id', user_id);
-- 
cgit v1.2.1
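Review bot: The added guard returns `false` without ever invoking `callback`, so a caller that passes a non-numeric id (the e-mail case the commit message describes) gets neither a result nor an error and may wait indefinitely; consider invoking the callback with an explicit empty result, or at least documenting the `false` return for rejected ids. The allow-list itself is a sound choice: `^\d+$` admits only ASCII digits and JavaScript's `$` does not accept a trailing newline, and `.test()` coerces a numeric `user_id` to a string, which is worth a line such as `// Only numeric ids are routable; reject anything else before the URL is built`. As a style point, `if(` omits the space that `if (` would usually carry, and the blank `+` line after the guard seems unnecessary. The body of `UsersSelect.prototype.user` continues past the hunk; the `url.replace(':id', user_id)` line there could additionally wrap the id with `encodeURIComponent(user_id)` as defense in depth should the guard ever be relaxed.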