diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-05 00:07:54 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-05 00:07:54 +0300 |
| commit | 2fd92f2dc784ade9cb4e1c33dd60cbfad7b86818 (patch) | |
| tree | 7779f36689db97a46e0268a4aec1d49f283eb0c8 /app/uploaders | |
| parent | 42ca24aa5bbab7a2d43bc866d9bee9876941cea2 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/uploaders')
| -rw-r--r-- | app/uploaders/file_uploader.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/app/uploaders/file_uploader.rb b/app/uploaders/file_uploader.rb index 0fc71d2e3f3..505b51c2006 100644 --- a/app/uploaders/file_uploader.rb +++ b/app/uploaders/file_uploader.rb @@ -16,6 +16,9 @@ class FileUploader < GitlabUploader MARKDOWN_PATTERN = %r{\!?\[.*?\]\(/uploads/(?<secret>[0-9a-f]{32})/(?<file>.*?)\)}.freeze DYNAMIC_PATH_PATTERN = %r{.*(?<secret>\h{32})/(?<identifier>.*)}.freeze + VALID_SECRET_PATTERN = %r{\A\h{10,32}\z}.freeze + + InvalidSecret = Class.new(StandardError) after :remove, :prune_store_dir @@ -153,6 +156,10 @@ class FileUploader < GitlabUploader def secret @secret ||= self.class.generate_secret + + raise InvalidSecret unless @secret =~ VALID_SECRET_PATTERN + + @secret end # return a new uploader with a file copy on another project |