Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKamil Trzciński <ayufan@ayufan.eu>2018-08-23 09:53:50 +0300
committerKamil Trzciński <ayufan@ayufan.eu>2018-08-23 09:53:50 +0300
commit1d71d5046be5ac07fadb52536e122cbd8bf55c77 (patch)
treeeefd7b395787630027ed3757dfbbcf627d0e9c72
parentd4faf530385742bb2aedd4077807793344e3e97b (diff)
parent4ca9f3b417e32c557c182f1ee45b3c3f694174db (diff)
Merge branch 'jprovazn-fix-form-uploads' into 'master'
Add public/uploads/tmp to allowed upload paths Closes #49585 See merge request gitlab-org/gitlab-ce!20942
Diffstat
-rw-r--r--changelogs/unreleased/jprovazn-fix-form-uploads.yml5
-rw-r--r--lib/gitlab/middleware/multipart.rb10
-rw-r--r--spec/lib/gitlab/middleware/multipart_spec.rb20
3 files changed, 32 insertions, 3 deletions
diff --git a/changelogs/unreleased/jprovazn-fix-form-uploads.yml b/changelogs/unreleased/jprovazn-fix-form-uploads.yml
new file mode 100644
index 00000000000..8bcee335e93
--- /dev/null
+++ b/changelogs/unreleased/jprovazn-fix-form-uploads.yml
@@ -0,0 +1,5 @@
+---
+title: Accept upload files in public/uplaods/tmp when using accelerated uploads.
+merge_request:
+author:
+type: fixed
diff --git a/lib/gitlab/middleware/multipart.rb b/lib/gitlab/middleware/multipart.rb
index 18f91db98fc..3d588918adf 100644
--- a/lib/gitlab/middleware/multipart.rb
+++ b/lib/gitlab/middleware/multipart.rb
@@ -82,9 +82,13 @@ module Gitlab
end
def open_file(params, key)
- ::UploadedFile.from_params(
- params, key,
- [FileUploader.root, Gitlab.config.uploads.storage_path])
+ allowed_paths = [
+ FileUploader.root,
+ Gitlab.config.uploads.storage_path,
+ File.join(Rails.root, 'public/uploads/tmp')
+ ]
+
+ ::UploadedFile.from_params(params, key, allowed_paths)
end
end
diff --git a/spec/lib/gitlab/middleware/multipart_spec.rb b/spec/lib/gitlab/middleware/multipart_spec.rb
index f788f8ee276..daf454665b0 100644
--- a/spec/lib/gitlab/middleware/multipart_spec.rb
+++ b/spec/lib/gitlab/middleware/multipart_spec.rb
@@ -75,6 +75,26 @@ describe Gitlab::Middleware::Multipart do
it_behaves_like 'multipart upload files'
end
+ it 'allows files in uploads/tmp directory' do
+ Dir.mktmpdir do |dir|
+ uploads_dir = File.join(dir, 'public/uploads/tmp')
+ FileUtils.mkdir_p(uploads_dir)
+
+ allow(Rails).to receive(:root).and_return(dir)
+ allow(Dir).to receive(:tmpdir).and_return(File.join(Dir.tmpdir, 'tmpsubdir'))
+
+ Tempfile.open('top-level', uploads_dir) do |tempfile|
+ env = post_env({ 'file' => tempfile.path }, { 'file.name' => original_filename, 'file.path' => tempfile.path }, Gitlab::Workhorse.secret, 'gitlab-workhorse')
+
+ expect(app).to receive(:call) do |env|
+ expect(Rack::Request.new(env).params['file']).to be_a(::UploadedFile)
+ end
+
+ middleware.call(env)
+ end
+ end
+ end
+
it 'allows symlinks for uploads dir' do
Tempfile.open('two-levels') do |tempfile|
symlinked_dir = '/some/dir/uploads'
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-18 02:25:16 +0300