diff options
| author | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-04-12 10:36:40 +0300 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2015-04-12 10:36:40 +0300 |
| commit | f244914402aa6b1882671824a1a98d801cd5c45c (patch) | |
| tree | 9f7ccd4be20a664102e356c6b9f3f1e6c7da4ccf /app/workers | |
| parent | 9df14763057359a02daa3b7673cbbeb145e14420 (diff) | |
| parent | 0988be4efa8c9db6b3adcecdbad97367e837961f (diff) | |
Merge branch 'regex-start-of-string' into 'master'
Fix persistent XSS vulnerability around profile website URLs.
Fixes gitlab/gitlab-ee#268
See merge request !1761
Diffstat (limited to 'app/workers')
| -rw-r--r-- | app/workers/post_receive.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/workers/post_receive.rb b/app/workers/post_receive.rb index 0c3ee6ba4ff..33d8cc8861b 100644 --- a/app/workers/post_receive.rb +++ b/app/workers/post_receive.rb @@ -11,8 +11,8 @@ class PostReceive log("Check gitlab.yml config for correct gitlab_shell.repos_path variable. \"#{Gitlab.config.gitlab_shell.repos_path}\" does not match \"#{repo_path}\"") end - repo_path.gsub!(/\.git$/, "") - repo_path.gsub!(/^\//, "") + repo_path.gsub!(/\.git\z/, "") + repo_path.gsub!(/\A\//, "") project = Project.find_with_namespace(repo_path) |