author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:42:57 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:42:57 +0300 |
commit | 1fb0bae24e6686b3571fc1c44cbf239d8563e0d7 (patch) | |
tree | f2023d9164543389c3eee436de750d8a49c3a535 /app/controllers | |
parent | 2fa10931183f6d699f77575f084770b1e4b5470d (diff) |
Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/projects/refs_controller.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/projects/refs_controller.rb b/app/controllers/projects/refs_controller.rb
index 4c2bd2a9d42..278d306301a 100644
--- a/app/controllers/projects/refs_controller.rb
+++ b/app/controllers/projects/refs_controller.rb
@@ -15,6 +15,8 @@ class Projects::RefsController < Projects::ApplicationController
 urgency :low, [:switch, :logs_tree]
 
 def switch
+ Gitlab::PathTraversal.check_path_traversal!(@id)
+
 respond_to do |format|
 format.html do
 new_path =
@@ -40,6 +42,8 @@ class Projects::RefsController < Projects::ApplicationController
 redirect_to new_path
 end
 end
+ rescue Gitlab::PathTraversal::PathTraversalAttackError
+ head :bad_request
 end
 
 def logs_tree |
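Review bot: The new guard at the top of `switch` validates only `@id`, and nothing in the hunk records where `@id` is assigned or why it has to be checked at this point. It is presumably populated from the request by a filter outside this hunk; a comment such as `# @id is request-derived; reject traversal sequences before any redirect path is built from it` would keep the intent visible to the next maintainer. The body of `switch` continues past the hunk (`new_path =` is cut off), so if other request parameters are interpolated into `new_path` there, they would need the same check. `logs_tree`, visible as context in the second hunk, gets no equivalent guard in this commit, so it is worth confirming that it does not consume `@id` in the same way.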
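Review bot: The method-level `rescue` answers a rejected ref with a bare `head :bad_request` and leaves no trace in this controller, so repeated probing of the endpoint is only detectable if `check_path_traversal!` logs internally, which is not visible here. Emitting a structured log entry (project, user, and the fact of the rejection rather than the raw value) before the `head` call would give responders something to alert on. Because the clause is attached to the whole method, it also catches the same error raised anywhere else in the body; that looks intended but merits a comment such as `# Any traversal error while building the redirect ends in 400, never a redirect`. If more actions in this controller adopt the check, a controller-level `rescue_from Gitlab::PathTraversal::PathTraversalAttackError` would avoid repeating the clause per action.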