gitlab.com/gitlab-org/gitlab-foss.git
author: DJ Mountney <dj@gitlab.com> 2017-04-06 00:55:19 +0300
committer: DJ Mountney <david@twkie.net> 2017-04-06 07:06:36 +0300
commit: 0d8fba4eece4fa527dd764472c0e05e1f05f8bc4
tree: eec4dcee6aa1c637ca11592e56c3019755a5234f /app/helpers
parent: 29d8b4ee72c28ade5006f3f1343402782c38b231

Merge branch 'path-disclosure-proj-import-export' into 'security'

Fix for path disclosure in project import/export

See merge request !2080

Diffstat (limited to 'app/helpers')
-rw-r--r-- app/helpers/projects_helper.rb 5
1 files changed, 4 insertions, 1 deletions
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index bd0c2cd661e..6b9e4267281 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -407,7 +407,10 @@ module ProjectsHelper
def sanitize_repo_path(project, message)
return '' unless message.present?
- message.strip.gsub(project.repository_storage_path.chomp('/'), "[REPOS PATH]")
+ exports_path = File.join(Settings.shared['path'], 'tmp/project_exports')
+ filtered_message = message.strip.gsub(exports_path, "[REPO EXPORT PATH]")
+
+ filtered_message.gsub(project.repository_storage_path.chomp('/'), "[REPOS PATH]")
end
def project_feature_options
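
Review bot: In sanitize_repo_path, the new exports_path filter depends on an exact string match against a path rebuilt from Settings.shared['path'] plus a hard-coded 'tmp/project_exports' literal, so it silently stops redacting if the export directory ever moves or if the message carries a different form of the same path (for example a symlink-resolved one). Consider taking the export directory from wherever the import/export code defines it instead of repeating the literal in a view helper, and add a helper spec that passes a message containing both the export path and the repository storage path and asserts that neither survives. File.join also raises TypeError if Settings.shared['path'] is nil, which would turn rendering an import error into an exception, so it is worth confirming that setting always has a default. The order of the two gsub calls (export path first, then repos path) decides the output when one path is nested under the other; a one-line comment saying the order is intentional would keep a later refactor from swapping them.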