From d55428b8424f1a6469b2b8e92a03994de79b0fd3 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 31 Oct 2013 11:25:08 +0200
Subject: [PATCH] Shell escape code search

---
 app/contexts/search_context.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/contexts/search_context.rb b/app/contexts/search_context.rb
index 48def0784fd..ff322978559 100644
--- a/app/contexts/search_context.rb
+++ b/app/contexts/search_context.rb
@@ -6,7 +6,7 @@ class SearchContext
   end
 
   def execute
-    query = params[:search]
+    query = Shellwords.shellescape(params[:search])
 
     return result unless query.present?
 
-- 
GitLab