gitlab-org--gitlab-foss/config/routes/uploads.rb
DJ Mountney 1d1363e2bb Bring in security changes from the 9.2.5 release
Ran:
 - git format-patch v9.2.2..v9.2.5 --stdout > patchfile.patch
 - git checkout -b 9-2-5-security-patch origin/v9.2.2
 - git apply patchfile.patch
 - git commit
 - [Got the sha ref for the commit]
 - git checkout -b upstream-9-2-security master
 - git cherry-pick <SHA of the patchfile commit>
 - [Resolved conflicts]
 - git cherry-pick --continue
2017-06-07 21:16:20 -07:00

37 lines
1.4 KiB
Ruby

scope path: :uploads do
# Note attachments and User/Group/Project avatars
get "system/:model/:mounted_as/:id/:filename",
to: "uploads#show",
constraints: { model: /note|user|group|project/, mounted_as: /avatar|attachment/, filename: /[^\/]+/ }
# show uploads for models, snippets (notes) available for now
get ':model/:id/:secret/:filename',
to: 'uploads#show',
constraints: { model: /personal_snippet/, id: /\d+/, filename: /[^\/]+/ }
# show temporary uploads
get 'temp/:secret/:filename',
to: 'uploads#show',
constraints: { filename: /[^\/]+/ }
# Appearance
get "system/:model/:mounted_as/:id/:filename",
to: "uploads#show",
constraints: { model: /appearance/, mounted_as: /logo|header_logo/, filename: /.+/ }
# Project markdown uploads
get ":namespace_id/:project_id/:secret/:filename",
to: "projects/uploads#show",
constraints: { namespace_id: /[a-zA-Z.0-9_\-]+/, project_id: /[a-zA-Z.0-9_\-]+/, filename: /[^\/]+/ }
# create uploads for models, snippets (notes) available for now
post ':model',
to: 'uploads#create',
constraints: { model: /personal_snippet/, id: /\d+/ },
as: 'upload'
end
# Redirect old note attachments path to new uploads path.
get "files/note/:id/:filename",
to: redirect("uploads/note/attachment/%{id}/%{filename}"),
constraints: { filename: /[^\/]+/ }