kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/lib
History
Jan Provaznik e2ec97a92e Add FileUploader.root to allowed upload paths 
Currently we check if uploaded file is under
`Gitlab.config.uploads.storage_path`, the problem is that
uploads are placed in `uploads` subdirectory which is symlink.

In allow_path? method we check real (expanded) paths, which causes
that `Gitlab.config.uploads.storage_path` is expaned into symlink
path and there is a mismatch with upload file path.

By adding `Gitlab.config.uploads.storage_path/uploads` into allowed
paths, this path is expaned during path check.

`Gitlab.config.uploads.storage_path` is left there intentionally in case
some uploader wouldn't use `uploads` subdir.
2018-07-08 10:43:57 +02:00
..
api Merge branch '46246-gitlab-project-export-should-use-object-storage' into 'master' 2018-07-06 18:57:58 +00:00
assets
backup Move repo backup RPC's to opt-out 2018-06-25 16:21:54 +02:00
banzai Improve render performance of large wiki pages 2018-07-07 13:54:35 +02:00
bitbucket Import bitbucket issues that are reported by an anonymous user 2018-05-24 13:28:58 +02:00
constraints Initial setup GraphQL using graphql-ruby 1.8 2018-06-06 10:58:54 +02:00
container_registry
declarative_policy
generators/rails/post_deployment_migration
gitaly Gitaly metrics check for read/writeability 2018-06-27 08:56:19 +02:00
gitlab Add FileUploader.root to allowed upload paths 2018-07-08 10:43:57 +02:00
google_api
haml_lint
json_web_token
mattermost Updated Mattermost integration to use Mattermost API v4 2018-05-28 09:18:43 -04:00
microsoft_teams Fixes Microsoft Teams notifications for pipeline events 2018-06-12 13:32:11 +02:00
object_storage Update validator 2018-06-04 22:31:01 +02:00
omni_auth/strategies Eliminate constants warnings by: 2018-06-01 13:46:46 +08:00
peek Resolve "Performance bar Gitaly modal is hard to read" 2018-06-14 16:34:58 +00:00
rouge
rspec_flaky Eliminate constants warnings by: 2018-06-01 13:46:46 +08:00
support Export assigned issues in iCalendar feed 2018-05-31 14:01:04 +00:00
system_check Deny repository disk access in development and test 2018-06-14 11:18:25 +00:00
tasks Add pipeline stages position clean-up migration 2018-06-29 13:57:52 +00:00
additional_email_headers_interceptor.rb
after_commit_queue.rb
backup.rb Find and mark more Git disk access locations 2018-06-05 15:51:14 +00:00
banzai.rb
carrier_wave_string_file.rb
declarative_policy.rb
disable_email_interceptor.rb
email_template_interceptor.rb
event_filter.rb
expand_variables.rb
extracts_path.rb
feature.rb Use RequestStore to memoize Flipper features so that memoized values are cleared between requests 2018-06-01 17:51:40 +02:00
file_size_validator.rb
forever.rb
gitlab.rb Stop relying on migrations in the CacheableAttributes cache key and cache attributes for 1 minute instead 2018-07-05 12:34:15 +02:00
gt_one_coercion.rb
milestone_array.rb
mysql_zero_date.rb Mysql fixes for Rails 5 2018-06-21 22:06:50 +02:00
static_model.rb
system_check.rb
unfold_form.rb
uploaded_file.rb Add FileUploader.root to allowed upload paths 2018-07-08 10:43:57 +02:00
version_check.rb