Merge branch 'security-fix-leaking-namespace-name' into 'security'
Check that user has access to a given namespace to prevent leaking namespace names. See merge request !2009
This commit is contained in:
parent
0e43e34b45
commit
4a0e8f59e2
|
@ -2,8 +2,8 @@ class Import::GitlabProjectsController < Import::BaseController
|
|||
before_action :verify_gitlab_project_import_enabled
|
||||
|
||||
def new
|
||||
@namespace_id = project_params[:namespace_id]
|
||||
@namespace_name = Namespace.find(project_params[:namespace_id]).name
|
||||
@namespace = Namespace.find(project_params[:namespace_id])
|
||||
return render_404 unless current_user.can?(:create_projects, @namespace)
|
||||
@path = project_params[:path]
|
||||
end
|
||||
|
||||
|
|
|
@ -9,12 +9,12 @@
|
|||
%p
|
||||
Project will be imported as
|
||||
%strong
|
||||
#{@namespace_name}/#{@path}
|
||||
#{@namespace.name}/#{@path}
|
||||
|
||||
%p
|
||||
To move or copy an entire GitLab project from another GitLab installation to this one, navigate to the original project's settings page, generate an export file, and upload it here.
|
||||
.form-group
|
||||
= hidden_field_tag :namespace_id, @namespace_id
|
||||
= hidden_field_tag :namespace_id, @namespace.id
|
||||
= hidden_field_tag :path, @path
|
||||
= label_tag :file, class: 'control-label' do
|
||||
%span GitLab project export
|
||||
|
|
Loading…
Reference in New Issue