From 3e37801d054b7a56aab644d7acc60812972a9f3d Mon Sep 17 00:00:00 2001
From: Arpit Jalan <arpit@techapj.com>
Date: Wed, 4 Sep 2019 13:31:46 +0530
Subject: [PATCH] DEV: validate param value on /embed/topics

---
 app/controllers/embed_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/embed_controller.rb b/app/controllers/embed_controller.rb
index 49be221ce26..c4bde730a55 100644
--- a/app/controllers/embed_controller.rb
+++ b/app/controllers/embed_controller.rb
@@ -36,8 +36,8 @@ class EmbedController < ApplicationController
       raise Discourse::InvalidParameters.new(:embed_id) unless @embed_id =~ /^de\-[a-zA-Z0-9]+$/
     end
 
-    if params.has_key?(:template)
-      @template = params[:template]
+    if params.has_key?(:template) && params[:template] == "complete"
+      @template = "complete"
     else
       @template = "basic"
     end