author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-09-01 00:11:00 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-09-01 00:11:00 +0300 |
commit | 5d3df551dda6104f1ed8aa8f3947a2c982f0a7bc (patch) | |
tree | 532e24a0ac6a159675bc1c9e66e5dd5f079e07ec /app/controllers/projects | |
parent | e33402e375d7c05441d1ba6ac5030efb8a9c9537 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/projects')
-rw-r--r-- | app/controllers/projects/refs_controller.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/projects/refs_controller.rb b/app/controllers/projects/refs_controller.rb
index 4c2bd2a9d42..278d306301a 100644
--- a/app/controllers/projects/refs_controller.rb
+++ b/app/controllers/projects/refs_controller.rb
@@ -15,6 +15,8 @@ class Projects::RefsController < Projects::ApplicationController
 urgency :low, [:switch, :logs_tree]
 def switch
+ Gitlab::PathTraversal.check_path_traversal!(@id)
+
 respond_to do |format|
 format.html do
 new_path =
@@ -40,6 +42,8 @@ class Projects::RefsController < Projects::ApplicationController
 redirect_to new_path
 end
 end
+ rescue Gitlab::PathTraversal::PathTraversalAttackError
+ head :bad_request
 end
 def logs_tree |
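Review bot: The guard added at the top of `switch` validates only `@id`, which is assigned outside this diff (presumably in a before_action), while `new_path` is assembled in lines between the two hunks that are not shown; if that code also reads other request-supplied values, they reach `redirect_to new_path` unchecked, so confirm `@id` is the only one or run the same check on the rest. `logs_tree`, which follows in the same controller, gets neither the check nor the `rescue` from the second hunk; if it consumes the same ref/path input, a shared `before_action` with a controller-level `rescue_from Gitlab::PathTraversal::PathTraversalAttackError do head :bad_request end` would cover both actions. The bare `head :bad_request` is a reasonable client response, but unless `check_path_traversal!` logs by itself the rejection leaves no trace for detection, so a comment above the `rescue` such as `# rejected ids are logged by check_path_traversal!; respond 400 without echoing the input` (once verified) would make that explicit. A request spec asserting the 400 for a traversal-shaped `id` would pin the behaviour; none is visible because the diffstat is limited to `app/controllers/projects`.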