author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-27 13:15:45 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-27 13:15:45 +0300 |
commit | 14b92217e768aa4f3ce2d8b30f2c2acbdfdd8f6a (patch) | |
tree | a0bfb2e384a89525c68c09f54fa6b1b9005e4d93 /app | |
parent | e8ae58a7c189407375b3f575b7aa8fb17a1e4f99 (diff) |
Add latest changes from gitlab-org/security/gitlab@14-4-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/models/namespace.rb | 11 | ||||
-rw-r--r-- | app/models/user.rb | 2 |
2 files changed, 10 insertions, 3 deletions
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index e6406293c66..07f9bb99952 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -34,6 +34,8 @@ class Namespace < ApplicationRecord
 SHARED_RUNNERS_SETTINGS = [SR_DISABLED_AND_UNOVERRIDABLE, SR_DISABLED_WITH_OVERRIDE, SR_ENABLED].freeze
 URL_MAX_LENGTH = 255
+ PATH_TRAILING_VIOLATIONS = %w[.git .atom .].freeze
+
+
 cache_markdown_field :description, pipeline: :description
 has_many :projects, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
@@ -200,9 +202,14 @@ class Namespace < ApplicationRecord
 # Remove everything that's not in the list of allowed characters.
 path.gsub!(/[^a-zA-Z0-9_\-\.]/, "")
 # Remove trailing violations ('.atom', '.git', or '.')
- path.gsub!(/(\.atom|\.git|\.)*\z/, "")
+ loop do
+ orig = path
+ PATH_TRAILING_VIOLATIONS.each { |ext| path = path.chomp(ext) }
+ break if orig == path
+ end
+
+
 # Remove leading violations ('-')
- path.gsub!(/\A\-+/, "")
+ path.gsub!(/\A\-+/, "")
 # Users with the great usernames of "." or ".." would end up with a blank username.
 # Work around that by setting their username to "blank", followed by a counter.
diff --git a/app/models/user.rb b/app/models/user.rb
index 25a2588a6a7..0e19e6e4a79 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1434,7 +1434,7 @@ class User < ApplicationRecord
 name: name,
 username: username,
 avatar_url: avatar_url(only_path: false),
- email: email
+ email: public_email.presence || _('[REDACTED]')
 }
 end
|
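Review bot: The loop added in the second namespace.rb hunk rebinds the local with `path = path.chomp(ext)`, while the `gsub!` calls before and after it mutate the string in place, so the two styles are now mixed in one cleanup sequence. The enclosing method starts and ends outside the hunk, so whether any caller depends on in-place mutation cannot be confirmed from here. A loop body of `break unless PATH_TRAILING_VIOLATIONS.any? { |ext| path.chomp!(ext) }` keeps the in-place style and drops the `orig` copy, since `chomp!` returns nil when nothing was removed. The comment above the loop still only lists the suffixes; it should also record why the single regex was replaced, for example `# Strip suffixes with chomp in a loop instead of /(\.atom|\.git|\.)*\z/, which can backtrack badly on long inputs`. That motive is inferred from the commit's origin in the security mirror, not stated in the message, so confirm it before committing the wording.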
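Review bot: The fallback `_('[REDACTED]')` in the user.rb hunk is passed through gettext, so the string stored under `email` depends on the locale active when the hash is built. The enclosing method starts outside the hunk; if this hash is serialized for external consumers, a fixed untranslated sentinel such as `email: public_email.presence || '[REDACTED]'` is easier for receivers to detect reliably. The key now also carries a non-address value whenever the user has no public email, which deserves a line comment like `# Only the public email is exposed; consumers must handle the placeholder`.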