3be9d2c422
Simply type a name with a `/` directory separator and new directories will be created. This does not do the fancy UI work that github.com does, but it will get the job done. I could not find tests for file creation, so I didn't add a test for this slight behaviour modification. I did test directory traversals though, using both absolute paths like `/tmp/foo.txt` and relative paths like `../../foo.txt`. Neither case escaped the repository, though attempting to traverse with a relative path resulted in a 500 error that did not affect application stability upon reload.
37 lines
1 KiB
Ruby
```ruby
require_relative "base_service"

module Files
  class CreateService < Files::BaseService
    def commit
      repository.commit_file(current_user, @file_path, @file_content, @commit_message, @target_branch, false)
    end

    def validate
      super

      # Reject names that match the directory traversal pattern.
      if @file_path =~ Gitlab::Regex.directory_traversal_regex
        raise_error(
          'Your changes could not be committed, because the file name ' +
          Gitlab::Regex.directory_traversal_regex_message
        )
      end

      # Reject names that do not match the allowed file path pattern.
      unless @file_path =~ Gitlab::Regex.file_path_regex
        raise_error(
          'Your changes could not be committed, because the file name ' +
          Gitlab::Regex.file_path_regex_message
        )
      end

      unless project.empty_repo?
        # Drop a leading slash so the path is relative to the repository root.
        @file_path.slice!(0) if @file_path.start_with?('/')

        blob = repository.blob_at_branch(@current_branch, @file_path)

        # Refuse to create a file over an existing one.
        if blob
          raise_error("Your changes could not be committed because a file with the same name already exists")
        end
      end
    end
  end
end
```
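
The following is an added example, not code from this commit or the project. It runs the same order of checks as `CreateService#validate` over the two path styles the commit message mentions, then applies a lexical containment check as a backstop. `TRAVERSAL_RE`, `FILE_PATH_RE`, `contained?`, `check_new_file_path` and the `/srv/repos/demo` root are assumptions, since the real `Gitlab::Regex` definitions are not shown on this page.

```ruby
require "pathname"

# Assumed stand-ins: the real Gitlab::Regex.directory_traversal_regex and
# file_path_regex definitions are not shown on this page.
TRAVERSAL_RE = %r{(\A|/)\.\.(/|\z)}   # a ".." path segment
FILE_PATH_RE = %r{\A[\w\-./]+\z}      # conservative file-name alphabet

# Lexical containment check: true only if `path`, resolved against `root`,
# stays strictly below `root`. Purely string-based; it touches no files.
def contained?(root, path)
  root = Pathname.new(root).expand_path
  target = root.join(path).cleanpath   # join returns `path` itself if it is absolute
  target.to_s.start_with?(root.to_s + File::SEPARATOR)
end

# Same order of checks as CreateService#validate, plus the containment check.
# Returns [:ok, relative_path] or [:rejected, reason] instead of raising.
# Note: this strips every leading slash, where the service removes one.
def check_new_file_path(root, raw_path)
  return [:rejected, "directory traversal"] if raw_path =~ TRAVERSAL_RE
  return [:rejected, "invalid file name"] unless raw_path =~ FILE_PATH_RE

  relative = raw_path.sub(%r{\A/+}, "")
  return [:rejected, "empty path"] if relative.empty?
  return [:rejected, "escapes repository"] unless contained?(root, relative)

  [:ok, Pathname.new(relative).cleanpath.to_s]
end

if __FILE__ == $PROGRAM_NAME
  root = "/srv/repos/demo"   # constructed sample root
  # Constructed sample inputs, including the two from the commit message.
  ["docs/guide/intro.md", "/tmp/foo.txt", "../../foo.txt",
   "a..b/notes.txt", "docs/../../x"].each do |p|
    puts format("%-22s %p", p, check_new_file_path(root, p))
  end
end
```

`contained?` on its own rejects both `../../foo.txt` and an unstripped `/tmp/foo.txt`, so it still holds if a pattern check is loosened later.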