Ensure attributes that end in `_ids` are cleaned
This prevents an issue where you can steal other projects objects by asking for ids that don't belong to you in import.
This commit is contained in:
parent
23d237110e
commit
0531a33889
|
@ -4,7 +4,7 @@ module Gitlab
|
|||
module ImportExport
|
||||
class AttributeCleaner
|
||||
ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id]
|
||||
PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_html\Z/).freeze
|
||||
PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/).freeze
|
||||
|
||||
def self.clean(*args)
|
||||
new(*args).clean
|
||||
|
|
Loading…
Reference in New Issue