Check redirect path in the continue_params
Fixes https://dev.gitlab.org/gitlab/gitlabhq/issues/2649 https://gitlab.com/gitlab-org/gitlab-ce/issues/13956
parent
a3b626bf25
commit
1cefb73a9c
|
@ -0,0 +1,13 @@
|
||||||
|
module ContinueToParams
|
||||||
|
extend ActiveSupport::Concern
|
||||||
|
|
||||||
|
def continue_params
|
||||||
|
continue_params = params[:continue]
|
||||||
|
return nil unless continue_params
|
||||||
|
|
||||||
|
continue_params = continue_params.permit(:to, :notice, :notice_now)
|
||||||
|
continue_params[:to] = root_url unless continue_params[:to].start_with?('/')
|
||||||
|
|
||||||
|
continue_params
|
||||||
|
end
|
||||||
|
end
|
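Review bot: The guard `continue_params[:to].start_with?('/')` raises NoMethodError when the `continue` hash arrives without a `to` key, and it accepts a value such as `//host/path`, which browsers resolve as a scheme-relative URL on another host, so the redirect named in the commit title can still leave the site. I would change it to `to = continue_params[:to].to_s` followed by `continue_params[:to] = root_url unless to.start_with?('/') && !to.start_with?('//')`, with a spec covering both inputs. The method is also public in this concern, while the copy removed from ForksController sat under `private`; a `private` line above `def continue_params` keeps it out of the including controllers' action methods.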
|
@ -1,4 +1,6 @@
|
||||||
class Projects::ForksController < Projects::ApplicationController
|
class Projects::ForksController < Projects::ApplicationController
|
||||||
|
include ContinueToParams
|
||||||
|
|
||||||
# Authorize
|
# Authorize
|
||||||
before_action :require_non_empty_project
|
before_action :require_non_empty_project
|
||||||
before_action :authorize_download_code!
|
before_action :authorize_download_code!
|
||||||
|
@ -53,15 +55,4 @@ class Projects::ForksController < Projects::ApplicationController
|
||||||
render :error
|
render :error
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
def continue_params
|
|
||||||
continue_params = params[:continue]
|
|
||||||
if continue_params
|
|
||||||
continue_params.permit(:to, :notice, :notice_now)
|
|
||||||
else
|
|
||||||
nil
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
class Projects::ImportsController < Projects::ApplicationController
|
class Projects::ImportsController < Projects::ApplicationController
|
||||||
|
include ContinueToParams
|
||||||
|
|
||||||
# Authorize
|
# Authorize
|
||||||
before_action :authorize_admin_project!
|
before_action :authorize_admin_project!
|
||||||
before_action :require_no_repo, only: [:new, :create]
|
before_action :require_no_repo, only: [:new, :create]
|
||||||
|
@ -44,16 +46,6 @@ class Projects::ImportsController < Projects::ApplicationController
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def continue_params
|
|
||||||
continue_params = params[:continue]
|
|
||||||
|
|
||||||
if continue_params
|
|
||||||
continue_params.permit(:to, :notice, :notice_now)
|
|
||||||
else
|
|
||||||
nil
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def finished_notice
|
def finished_notice
|
||||||
if @project.forked?
|
if @project.forked?
|
||||||
'The project was successfully forked.'
|
'The project was successfully forked.'
|
||||||
|
|