e2ec97a92e
Currently we check if uploaded file is under `Gitlab.config.uploads.storage_path`, the problem is that uploads are placed in `uploads` subdirectory which is symlink. In allow_path? method we check real (expanded) paths, which causes that `Gitlab.config.uploads.storage_path` is expaned into symlink path and there is a mismatch with upload file path. By adding `Gitlab.config.uploads.storage_path/uploads` into allowed paths, this path is expaned during path check. `Gitlab.config.uploads.storage_path` is left there intentionally in case some uploader wouldn't use `uploads` subdir. |
||
---|---|---|
.. | ||
read_only | ||
go.rb | ||
multipart.rb | ||
rails_queue_duration.rb | ||
read_only.rb | ||
release_env.rb | ||
static.rb |