3be9d2c422
Simply type a name with a `/` directory separator and new directories will be created. This does not do the fancy UI work that github.com does, but it will get the job done. I could not find tests for file creation, so I didn't add a test for this slight behaviour modification. I did test directory traversals though, using both absolute paths like `/tmp/foo.txt` and relative paths like `../../foo.txt`. Neither case escaped the repository, though attempting to traverse with a relative path resulted in a 500 error that did not affect application stability upon reload.
20 lines
471 B
Ruby
20 lines
471 B
Ruby
require_relative "base_service"
|
|
|
|
module Files
|
|
class CreateDirService < Files::BaseService
|
|
def commit
|
|
repository.commit_dir(current_user, @file_path, @commit_message, @target_branch)
|
|
end
|
|
|
|
def validate
|
|
super
|
|
|
|
unless @file_path =~ Gitlab::Regex.file_path_regex
|
|
raise_error(
|
|
'Your changes could not be committed, because the file path ' +
|
|
Gitlab::Regex.file_path_regex_message
|
|
)
|
|
end
|
|
end
|
|
end
|
|
end
|