gitlab-org--gitlab-foss/lib/gitlab/middleware
Jan Provaznik e2ec97a92e Add FileUploader.root to allowed upload paths
Currently we check if uploaded file is under
`Gitlab.config.uploads.storage_path`, the problem is that
uploads are placed in `uploads` subdirectory which is symlink.

In allow_path? method we check real (expanded) paths, which causes
that `Gitlab.config.uploads.storage_path` is expaned into symlink
path and there is a mismatch with upload file path.

By adding `Gitlab.config.uploads.storage_path/uploads` into allowed
paths, this path is expaned during path check.

`Gitlab.config.uploads.storage_path` is left there intentionally in case
some uploader wouldn't use `uploads` subdir.
2018-07-08 10:43:57 +02:00
..
read_only Refactor rspec matchers in read_only_spec.rb 2018-07-07 04:22:44 +00:00
go.rb Allow token authentication on go-get request 2018-02-23 10:33:46 +00:00
multipart.rb Add FileUploader.root to allowed upload paths 2018-07-08 10:43:57 +02:00
rails_queue_duration.rb move metrics for ActiveRecord, RailsCache and queue duration to instance variables 2017-11-02 18:18:16 +01:00
read_only.rb Fix "A copy of Gitlab::Middleware::Readonly has been removed from the module tree but is still active" 2018-03-21 21:18:11 -07:00
release_env.rb [CE] Add Naming/FileName rule checking expected class/module per filename 2018-03-08 12:56:54 +00:00
static.rb Enable RuboCop Style/RegexpLiteral 2018-02-01 02:06:07 +09:00