Add validation to webhook and service URLs to ensure they are not blocked because of SSRF

author: Francisco Javier López <fjlopez@gitlab.com> 2018-06-01 14:43:53 +0300
committer: Douwe Maan <douwe@gitlab.com> 2018-06-01 14:43:53 +0300
commit: 840f80d48b7d8363f171f6137cd9f1fbafb52bfc (patch)
tree: 612c6f9b846f9f2f3b44931db12557024c49ef66 /app/models/badge.rb
parent: e206e32881e4fbfcbe647d7b2ee713c99ef1bf99 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/badge.rb b/app/models/badge.rb
index f7e10c2ebfc..265c5d872d4 100644
--- a/app/models/badge.rb
+++ b/app/models/badge.rb
@@ -18,7 +18,7 @@ class Badge < ActiveRecord::Base
 
   scope :order_created_at_asc, -> { reorder(created_at: :asc) }
 
-  validates :link_url, :image_url, url_placeholder: { protocols: %w(http https), placeholder_regex: PLACEHOLDERS_REGEX }
+  validates :link_url, :image_url, url: { protocols: %w(http https) }
   validates :type, presence: true
 
   def rendered_link_url(project = nil)
author	Francisco Javier López <fjlopez@gitlab.com>	2018-06-01 14:43:53 +0300
committer	Douwe Maan <douwe@gitlab.com>	2018-06-01 14:43:53 +0300
commit	840f80d48b7d8363f171f6137cd9f1fbafb52bfc (patch)
tree	612c6f9b846f9f2f3b44931db12557024c49ef66 /app/models/badge.rb
parent	e206e32881e4fbfcbe647d7b2ee713c99ef1bf99 (diff)