diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-17 14:59:07 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-17 14:59:07 +0300 |
commit | 8b573c94895dc0ac0e1d9d59cf3e8745e8b539ca (patch) | |
tree | 544930fb309b30317ae9797a9683768705d664c4 /lib/constraints | |
parent | 4b1de649d0168371549608993deac953eb692019 (diff) |
Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42
Diffstat (limited to 'lib/constraints')
-rw-r--r-- | lib/constraints/project_url_constrainer.rb | 2 | ||||
-rw-r--r-- | lib/constraints/repository_redirect_url_constrainer.rb | 28 |
2 files changed, 29 insertions, 1 deletions
diff --git a/lib/constraints/project_url_constrainer.rb b/lib/constraints/project_url_constrainer.rb index 3e9cf2ab320..d41490d2ebd 100644 --- a/lib/constraints/project_url_constrainer.rb +++ b/lib/constraints/project_url_constrainer.rb @@ -4,7 +4,7 @@ module Constraints class ProjectUrlConstrainer def matches?(request, existence_check: true) namespace_path = request.params[:namespace_id] - project_path = request.params[:project_id] || request.params[:id] || request.params[:repository_id] + project_path = request.params[:project_id] || request.params[:id] full_path = [namespace_path, project_path].join('/') return false unless ProjectPathValidator.valid_path?(full_path) diff --git a/lib/constraints/repository_redirect_url_constrainer.rb b/lib/constraints/repository_redirect_url_constrainer.rb new file mode 100644 index 00000000000..44df670d8d3 --- /dev/null +++ b/lib/constraints/repository_redirect_url_constrainer.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +module Constraints + class RepositoryRedirectUrlConstrainer + def matches?(request) + path = request.params[:repository_path].delete_suffix('.git') + query = request.query_string + + git_request?(query) && container_path?(path) + end + + # Allow /info/refs, /info/refs?service=git-upload-pack, and + # /info/refs?service=git-receive-pack, but nothing else. + def git_request?(query) + query.blank? || + query == 'service=git-upload-pack' || + query == 'service=git-receive-pack' + end + + # Check if the path matches any known repository containers. + # These also cover wikis, since a `.wiki` suffix is valid in project/group paths too. + def container_path?(path) + NamespacePathValidator.valid_path?(path) || + ProjectPathValidator.valid_path?(path) || + path =~ Gitlab::PathRegex.full_snippets_repository_path_regex + end + end +end |