Check redirect path in the continue_params
Fixes https://dev.gitlab.org/gitlab/gitlabhq/issues/2649 https://gitlab.com/gitlab-org/gitlab-ce/issues/13956
parent
a3b626bf25
commit
1cefb73a9c
|
@ -0,0 +1,13 @@
|
|||
module ContinueToParams
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
def continue_params
|
||||
continue_params = params[:continue]
|
||||
return nil unless continue_params
|
||||
|
||||
continue_params = continue_params.permit(:to, :notice, :notice_now)
|
||||
continue_params[:to] = root_url unless continue_params[:to].start_with?('/')
|
||||
|
||||
continue_params
|
||||
end
|
||||
end
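Review bot: The `start_with?('/')` test in `continue_params` still accepts a scheme-relative value such as `//other-host.example/path` (constructed example), which browsers resolve to a different host, so the redirect check this commit adds is incomplete. The same line also raises NoMethodError when `params[:continue]` is present without a `:to` key, because `continue_params[:to]` is then nil. Both can be handled in one place, e.g. `continue_params[:to] = root_url unless continue_params[:to].to_s =~ %r{\A/([^/]|\z)}`; this falls back to `root_url` when `:to` is absent, which should be checked against how callers treat a missing `:to`. A controller spec covering an absolute URL, a `//host` value and a missing `:to` would pin the behaviour.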
|
|
@ -1,4 +1,6 @@
|
|||
class Projects::ForksController < Projects::ApplicationController
|
||||
include ContinueToParams
|
||||
|
||||
# Authorize
|
||||
before_action :require_non_empty_project
|
||||
before_action :authorize_download_code!
|
||||
|
@ -53,15 +55,4 @@ class Projects::ForksController < Projects::ApplicationController
|
|||
render :error
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def continue_params
|
||||
continue_params = params[:continue]
|
||||
if continue_params
|
||||
continue_params.permit(:to, :notice, :notice_now)
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
end
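Review bot: `continue_params` appears to become a public controller method with this change: the copy that sat under `private` in this controller looks to be the one removed (the +/- markers are lost on this page, so this is inferred from the hunk counts), and the ContinueToParams module defines it without a visibility modifier. Public methods mixed into a Rails controller count as action methods, so it is worth adding `private` above `def continue_params` in the concern. The same applies to Projects::ImportsController, which gets the same include.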
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
class Projects::ImportsController < Projects::ApplicationController
|
||||
include ContinueToParams
|
||||
|
||||
# Authorize
|
||||
before_action :authorize_admin_project!
|
||||
before_action :require_no_repo, only: [:new, :create]
|
||||
|
@ -44,16 +46,6 @@ class Projects::ImportsController < Projects::ApplicationController
|
|||
|
||||
private
|
||||
|
||||
def continue_params
|
||||
continue_params = params[:continue]
|
||||
|
||||
if continue_params
|
||||
continue_params.permit(:to, :notice, :notice_now)
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
def finished_notice
|
||||
if @project.forked?
|
||||
'The project was successfully forked.'
|
||||
|
|