Merge branch 'security-56348-11-7' into '11-7-stable'

Check snippet attached file to be moved is within designated directory See merge request gitlab/gitlabhq!2942
author: Yorick Peterse <yorickpeterse@gmail.com> 2019-02-27 17:20:44 +0300
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-02-27 17:20:44 +0300
commit: 95f17f79dbf9179685c8fe08183dd6c75e944509 (patch)
tree: 3aa73b58cad71fc3cf514a538a6eea30c08069c0 /app
parent: f066bbec73af3fc34dfd81f4180ba75e91ea6cab (diff)
parent: 7fa334135f3afe82bd9ec7855cbc8bc7e92912dd (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/app/uploaders/file_mover.rb b/app/uploaders/file_mover.rb
index a7f8615e9ba..236b7ed2b3d 100644
--- a/app/uploaders/file_mover.rb
+++ b/app/uploaders/file_mover.rb
@@ -11,6 +11,8 @@ class FileMover
   end
 
   def execute
+    return unless valid?
+
     move
 
     if update_markdown
@@ -21,6 +23,12 @@ class FileMover
 
   private
 
+  def valid?
+    Pathname.new(temp_file_path).realpath.to_path.start_with?(
+      (Pathname(temp_file_uploader.root) + temp_file_uploader.base_dir).to_path
+    )
+  end
+
   def move
     FileUtils.mkdir_p(File.dirname(file_path))
     FileUtils.move(temp_file_path, file_path)
author	Yorick Peterse <yorickpeterse@gmail.com>	2019-02-27 17:20:44 +0300
committer	Yorick Peterse <yorickpeterse@gmail.com>	2019-02-27 17:20:44 +0300
commit	95f17f79dbf9179685c8fe08183dd6c75e944509 (patch)
tree	3aa73b58cad71fc3cf514a538a6eea30c08069c0 /app
parent	f066bbec73af3fc34dfd81f4180ba75e91ea6cab (diff)
parent	7fa334135f3afe82bd9ec7855cbc8bc7e92912dd (diff)