gitlab-org--gitlab-foss/lib/gitlab
Jan Provaznik e2ec97a92e Add FileUploader.root to allowed upload paths
Currently we check if the uploaded file is under
`Gitlab.config.uploads.storage_path`; the problem is that
uploads are placed in the `uploads` subdirectory, which is a symlink.

In the `allow_path?` method we check real (expanded) paths, which causes
`Gitlab.config.uploads.storage_path` to be expanded into the symlink
path, and there is a mismatch with the upload file path.

By adding `Gitlab.config.uploads.storage_path/uploads` into the allowed
paths, this path is expanded during the path check.

`Gitlab.config.uploads.storage_path` is left there intentionally in case
some uploader wouldn't use `uploads` subdir.
2018-07-08 10:43:57 +02:00
auth
background_migration Fixed pluck and renamed methods 2018-07-05 22:12:22 +02:00
badge
bare_repository_import
bitbucket_import
cache
checks
ci Merge branch 'remove-trace-efficiently' into 'master' 2018-07-06 09:21:40 +00:00
conflict
cross_project_access
cycle_analytics
data_builder
database
dependency_linker
diff Merge branch 'issue_48474' into 'master' 2018-07-05 10:18:53 +00:00
downtime_check
email
etag_caching
fogbugz_import
gfm add support for file copy on object storage 2018-07-03 09:57:15 -07:00
git Merge branch 'gitaly-set-delete-config' into 'master' 2018-07-06 15:55:10 +00:00
gitaly_client Add Repository#set_config and #delete_config 2018-07-06 12:06:54 +02:00
github_import
gitlab_import
google_code_import
gpg
grape_logging
graphql Add pipeline lists to GraphQL 2018-07-04 10:53:39 +02:00
graphs
hashed_storage
health_checks
hook_data
i18n
import_export fix permissions 2018-07-06 18:07:53 +02:00
kubernetes
legacy_github_import
metrics
middleware Add FileUploader.root to allowed upload paths 2018-07-08 10:43:57 +02:00
performance_bar
popen
project_authorizations
prometheus
query_limiting
quick_actions
redis
request_profiler
sanitizers
search
serializer
sherlock
sidekiq_logging
sidekiq_middleware
sidekiq_status
sidekiq_versioning
slash_commands Correct "autorize" typos 2018-06-27 15:16:18 -05:00
sql
storage_check
template
testing
utils
verify
view/presenter
webpack
access.rb
action_rate_limiter.rb
allowable.rb
app_logger.rb
asciidoc.rb
auth.rb
background_migration.rb
base_doorkeeper_controller.rb
blame.rb
build_access.rb
changes_list.rb
chat_name_token.rb
ci_access.rb
closing_issue_extractor.rb
color_schemes.rb
config_helper.rb
contributions_calendar.rb
contributor.rb
cross_project_access.rb
current_settings.rb
daemon.rb
database.rb Ability to check if underlying database is read only 2018-07-06 17:07:49 +00:00
dependency_linker.rb
downtime_check.rb
ee_compat_check.rb
emoji.rb
encoding_helper.rb
environment.rb
environment_logger.rb
exclusive_lease.rb
exclusive_lease_helpers.rb Add spec for ExclusiveLeaseHelpers 2018-07-03 16:20:27 +09:00
fake_application_settings.rb
favicon.rb Read asset host from ActionController::Base instead of application config 2018-06-29 11:22:51 +02:00
file_detector.rb
file_finder.rb
git.rb
git_access.rb
git_access_wiki.rb
git_logger.rb
git_post_receive.rb
git_ref_validator.rb
gitaly_client.rb Clean up Gitaly N+1 stack traces 2018-07-04 16:11:47 +01:00
github_import.rb
gl_id.rb
gl_repository.rb
gon_helper.rb
gpg.rb
graphql.rb
group_hierarchy.rb
highlight.rb
http.rb
i18n.rb
identifier.rb
import_export.rb Update Import/Export to use object storage (based on a feature flag) 2018-07-06 15:46:18 +02:00
import_formatter.rb
import_sources.rb
incoming_email.rb
insecure_key_fingerprint.rb
issuable_metadata.rb
issuable_sorter.rb
issuables_count_for_state.rb
issues_labels.rb
job_waiter.rb
kubernetes.rb
lazy.rb
lfs_token.rb
logger.rb
mail_room.rb
markup_helper.rb
metrics.rb
multi_collection_paginator.rb
omniauth_initializer.rb If omniauth_auto_sign_in_with_provider is set, 2018-07-02 16:46:24 +08:00
optimistic_locking.rb
other_markup.rb
otp_key_rotator.rb
pages.rb
pages_client.rb
pages_transfer.rb
path_regex.rb
performance_bar.rb
plugin.rb
plugin_logger.rb
polling_interval.rb
popen.rb
profiler.rb
project_search_results.rb
project_template.rb
project_transfer.rb
prometheus_client.rb
protocol_access.rb
proxy_http_connection_adapter.rb
query_limiting.rb
recaptcha.rb
reference_counter.rb
reference_extractor.rb
regex.rb
repo_path.rb
repository_cache.rb
repository_cache_adapter.rb Expire correct method caches after HEAD changed 2018-06-29 17:41:57 +02:00
repository_check_logger.rb
request_context.rb
request_forgery_protection.rb
request_profiler.rb
route_map.rb
routing.rb
search_results.rb
seeder.rb
sentry.rb
setup_helper.rb
shard_health_cache.rb Bring Gitlab::ShardHealthCache to CE 2018-06-27 21:43:23 +02:00
shell.rb
shell_adapter.rb
sherlock.rb
sidekiq_config.rb
sidekiq_logger.rb
sidekiq_status.rb
sidekiq_throttler.rb
sidekiq_versioning.rb
snippet_search_results.rb
ssh_public_key.rb
storage_check.rb
string_placeholder_replacer.rb
string_range_marker.rb
string_regex_marker.rb
task_helpers.rb
tcp_checker.rb
temporarily_allow.rb
themes.rb
time_tracking_formatter.rb
timeless.rb
untrusted_regexp.rb
update_path_error.rb
upgrader.rb
uploads_transfer.rb
url_blocker.rb
url_builder.rb
url_sanitizer.rb
usage_data.rb
user_access.rb
user_activities.rb
utils.rb
version_info.rb
visibility_level.rb
wiki_file_finder.rb
workhorse.rb