gitlab.com/gitlab-org/gitlab-foss.git
author: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-26 21:08:03 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-26 21:08:03 +0300
commit: dc003cd08b4cb72fecbb03aa978ea0c53c03aeb4
tree: 5e77ce228c33619201ac6706b9789d4a2eed2a3b /lib/gitlab/gfm
parent: e80e0dd64fbb04f60394cb1bb08e17dbcb22b8ce
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/gfm')
-rw-r--r-- lib/gitlab/gfm/uploads_rewriter.rb | 2
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/gitlab/gfm/uploads_rewriter.rb b/lib/gitlab/gfm/uploads_rewriter.rb
index 6b52d6e88e5..23af0a9bb18 100644
--- a/lib/gitlab/gfm/uploads_rewriter.rb
+++ b/lib/gitlab/gfm/uploads_rewriter.rb
@@ -22,6 +22,8 @@ module Gitlab
return @text unless needs_rewrite?
@text.gsub(@pattern) do |markdown|
+ Gitlab::Utils.check_path_traversal!($~[:file])
+
file = find_file(@source_project, $~[:secret], $~[:file])
break markdown unless file.try(:exists?)
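Review bot: only `$~[:file]` is passed through `Gitlab::Utils.check_path_traversal!` at the top of the `gsub` block, while `$~[:secret]` from the same match goes into `find_file` unchecked on the next line. If `@pattern` does not already restrict the secret to a fixed character set, validate it the same way, or add a comment saying why the capture cannot carry path separators. Separately, the bang name suggests the check raises, which inside this block would abort the rewrite of the whole `@text` on one bad link, whereas the following line handles a missing file with `break markdown unless file.try(:exists?)`. It is worth stating in a comment or the commit message that raising is the intended behaviour and which caller rescues it, and covering a `../` filename in the spec for this class.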