e2ec97a92e
Currently we check if uploaded file is under `Gitlab.config.uploads.storage_path`, the problem is that uploads are placed in `uploads` subdirectory which is symlink. In allow_path? method we check real (expanded) paths, which causes that `Gitlab.config.uploads.storage_path` is expaned into symlink path and there is a mismatch with upload file path. By adding `Gitlab.config.uploads.storage_path/uploads` into allowed paths, this path is expaned during path check. `Gitlab.config.uploads.storage_path` is left there intentionally in case some uploader wouldn't use `uploads` subdir. |
||
|---|---|---|
| .. | ||
| read_only | ||
| go.rb | ||
| multipart.rb | ||
| rails_queue_duration.rb | ||
| read_only.rb | ||
| release_env.rb | ||
| static.rb | ||