diff options
author | José Iván Vargas López <jvargas@gitlab.com> | 2018-08-29 00:29:06 +0300 |
---|---|---|
committer | José Iván Vargas López <jvargas@gitlab.com> | 2018-08-29 00:29:06 +0300 |
commit | 27580720e1c26e0508960152753d2230cebbe681 (patch) | |
tree | 7cec3ef7b9834846ee473790e465851c9ea27b04 /lib/gitlab/import_export | |
parent | 365217eb9a3272133b6db53726d443f1eb126cde (diff) | |
parent | 029d5eeb9d2520ba341b3e4e0939e85b4ebd7033 (diff) |
Merge branch 'security-mk-exclude-orphaned-upload-files-from-export' into 'master'
[master] Resolve "Orphaned upload files are accessible via project exports"
Closes #2695
See merge request gitlab/gitlabhq!2453
Diffstat (limited to 'lib/gitlab/import_export')
-rw-r--r-- | lib/gitlab/import_export/uploads_manager.rb | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/lib/gitlab/import_export/uploads_manager.rb b/lib/gitlab/import_export/uploads_manager.rb index 07875ebb56a..e0d4235e65b 100644 --- a/lib/gitlab/import_export/uploads_manager.rb +++ b/lib/gitlab/import_export/uploads_manager.rb @@ -13,13 +13,11 @@ module Gitlab end def save - copy_files(@from, uploads_export_path) if File.directory?(@from) - if File.file?(@from) && @relative_export_path == 'avatar' copy_files(@from, File.join(uploads_export_path, @project.avatar.filename)) end - copy_from_object_storage + copy_project_uploads true rescue => e @@ -48,14 +46,19 @@ module Gitlab UploadService.new(@project, File.open(upload, 'r'), FileUploader, uploader_context).execute end - def copy_from_object_storage - return unless Gitlab::ImportExport.object_storage? - + def copy_project_uploads each_uploader do |uploader| next unless uploader.file - next if uploader.upload.local? # Already copied, using the old method - download_and_copy(uploader) + if uploader.upload.local? + next unless uploader.upload.exist? + + copy_files(uploader.absolute_path, File.join(uploads_export_path, uploader.upload.path)) + else + next unless Gitlab::ImportExport.object_storage? + + download_and_copy(uploader) + end end end |