kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/lib
History
Kamil Trzciński 66744469d4
Extract GitLab Pages using RubyZip 
RubyZip allows us to perform strong validation of
expanded paths where we do extract file.

We introduce the following additional checks
to extract routines:

1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
   like `public/`,
4. The symlink source needs to exist ahead of time.
 		2019-01-31 16:52:48 +01:00
..
api Present all pipeline triggers using trigger presenter 2019-01-31 16:51:17 +01:00
assets
backup Modify file restore to rectify tar issue 2019-01-17 10:07:29 -06:00
banzai Show tooltip for malicious looking links 2019-01-31 16:52:20 +01:00
bitbucket
bitbucket_server Fix Bitbucket Server importer error handling 2019-01-12 22:14:08 -08:00
constraints Pass on arguments passed to the FeatureConstrainer 2018-12-14 14:35:05 +01:00
container_registry Add Container Registry API 2019-01-25 13:13:48 +01:00
declarative_policy
flowdock
generators/rails/post_deployment_migration
gitaly
gitlab Prevent comments by email when issue is locked 2019-01-31 16:52:48 +01:00
google_api
haml_lint
json_web_token Set typ field in JSONWebToken::RSAToken 2018-12-29 07:37:08 -08:00
mattermost
microsoft_teams
object_storage
omni_auth/strategies
peek
quality
rouge
rspec_flaky
safe_zip Extract GitLab Pages using RubyZip 2019-01-31 16:52:48 +01:00
sentry Update Sentry client to get project list 2019-01-31 10:05:29 +00:00
serializers Add config_options|variables to BuildMetadata 2019-01-04 16:38:17 +01:00
support
system_check chore(rubocop): fix Style/TrivialAccessors issues 2019-01-16 13:53:04 +05:00
tasks Refactor Storage Migration 2019-01-25 20:26:35 +01:00
after_commit_queue.rb
backup.rb
banzai.rb
carrier_wave_string_file.rb
declarative_policy.rb Remove rails4 specific code 2018-12-16 10:48:41 +01:00
event_filter.rb
expand_variables.rb
extracts_path.rb
feature.rb Allow setting of feature gates per project 2019-01-14 14:29:51 +01:00
file_size_validator.rb
forever.rb
gitlab.rb Revert the "What's new" feature 2019-01-29 20:45:47 +00:00
gt_one_coercion.rb
milestone_array.rb
mysql_zero_date.rb Remove rails4 specific code 2018-12-16 10:48:41 +01:00
static_model.rb
system_check.rb
unfold_form.rb
uploaded_file.rb
version_check.rb Use class methods for VersionCheck 2018-12-14 13:56:03 -06:00