Merge branch 'security-fix-leaking-namespace-name' into 'security'
Check that user has access to a given namespace to prevent leaking namespace names. See merge request !2009
This commit is contained in:
Douwe Maan
Rémy Coutable
parent
0e43e34b45
commit
4a0e8f59e2
|
|
@ -2,8 +2,8 @@ class Import::GitlabProjectsController < Import::BaseController
|
||||||
before_action :verify_gitlab_project_import_enabled
|
before_action :verify_gitlab_project_import_enabled
|
||||||
|
|
||||||
def new
|
def new
|
||||||
@namespace_id = project_params[:namespace_id]
|
@namespace = Namespace.find(project_params[:namespace_id])
|
||||||
@namespace_name = Namespace.find(project_params[:namespace_id]).name
|
return render_404 unless current_user.can?(:create_projects, @namespace)
|
||||||
@path = project_params[:path]
|
@path = project_params[:path]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -9,12 +9,12 @@
|
||||||
%p
|
%p
|
||||||
Project will be imported as
|
Project will be imported as
|
||||||
%strong
|
%strong
|
||||||
#{@namespace_name}/#{@path}
|
#{@namespace.name}/#{@path}
|
||||||
|
|
||||||
%p
|
%p
|
||||||
To move or copy an entire GitLab project from another GitLab installation to this one, navigate to the original project's settings page, generate an export file, and upload it here.
|
To move or copy an entire GitLab project from another GitLab installation to this one, navigate to the original project's settings page, generate an export file, and upload it here.
|
||||||
.form-group
|
.form-group
|
||||||
= hidden_field_tag :namespace_id, @namespace_id
|
= hidden_field_tag :namespace_id, @namespace.id
|
||||||
= hidden_field_tag :path, @path
|
= hidden_field_tag :path, @path
|
||||||
= label_tag :file, class: 'control-label' do
|
= label_tag :file, class: 'control-label' do
|
||||||
%span GitLab project export
|
%span GitLab project export
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue