Merge branch 'regex-start-of-string' into 'master'

Fix persistent XSS vulnerability around profile website URLs. Fixes gitlab/gitlab-ee#268 See merge request !1761
author: Dmitriy Zaporozhets <dzaporozhets@gitlab.com> 2015-04-12 10:36:40 +0300
committer: Dmitriy Zaporozhets <dzaporozhets@gitlab.com> 2015-04-12 10:36:40 +0300
commit: f244914402aa6b1882671824a1a98d801cd5c45c (patch)
tree: 9f7ccd4be20a664102e356c6b9f3f1e6c7da4ccf /app/helpers/submodule_helper.rb
parent: 9df14763057359a02daa3b7673cbbeb145e14420 (diff)
parent: 0988be4efa8c9db6b3adcecdbad97367e837961f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/helpers/submodule_helper.rb b/app/helpers/submodule_helper.rb
index 99231084cfe..9954617c762 100644
--- a/app/helpers/submodule_helper.rb
+++ b/app/helpers/submodule_helper.rb
@@ -44,7 +44,7 @@ module SubmoduleHelper
 
   def relative_self_url?(url)
     # (./)?(../repo.git) || (./)?(../../project/repo.git) )
-    url =~ /^((\.\/)?(\.\.\/))(?!(\.\.)|(.*\/)).*\.git\Z/ || url =~ /^((\.\/)?(\.\.\/){2})(?!(\.\.))([^\/]*)\/(?!(\.\.)|(.*\/)).*\.git\Z/
+    url =~ /\A((\.\/)?(\.\.\/))(?!(\.\.)|(.*\/)).*\.git\z/ || url =~ /\A((\.\/)?(\.\.\/){2})(?!(\.\.))([^\/]*)\/(?!(\.\.)|(.*\/)).*\.git\z/
   end
 
   def standard_links(host, namespace, project, commit)
author	Dmitriy Zaporozhets <dzaporozhets@gitlab.com>	2015-04-12 10:36:40 +0300
committer	Dmitriy Zaporozhets <dzaporozhets@gitlab.com>	2015-04-12 10:36:40 +0300
commit	f244914402aa6b1882671824a1a98d801cd5c45c (patch)
tree	9f7ccd4be20a664102e356c6b9f3f1e6c7da4ccf /app/helpers/submodule_helper.rb
parent	9df14763057359a02daa3b7673cbbeb145e14420 (diff)
parent	0988be4efa8c9db6b3adcecdbad97367e837961f (diff)