diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-07-20 15:26:25 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-07-20 15:26:25 +0300 |
| commit | a09983ae35713f5a2bbb100981116d31ce99826e (patch) | |
| tree | 2ee2af7bd104d57086db360a7e6d8c9d5d43667a /lib/gitlab/middleware | |
| parent | 18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff) | |
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
Diffstat (limited to 'lib/gitlab/middleware')
| -rw-r--r-- | lib/gitlab/middleware/go.rb | 4 | ||||
| -rw-r--r-- | lib/gitlab/middleware/multipart.rb | 19 |
2 files changed, 18 insertions, 5 deletions
diff --git a/lib/gitlab/middleware/go.rb b/lib/gitlab/middleware/go.rb index abdbccd3aa8..47d0b9ba8cb 100644 --- a/lib/gitlab/middleware/go.rb +++ b/lib/gitlab/middleware/go.rb @@ -101,7 +101,7 @@ module Gitlab if project # If a project is found and the user has access, we return the full project path - return project.full_path, project.default_branch + [project.full_path, project.default_branch] else # If not, we return the first two components as if it were a simple `namespace/project` path, # so that we don't reveal the existence of a nested project the user doesn't have access to. @@ -112,7 +112,7 @@ module Gitlab # `go get gitlab.com/group/subgroup/project/subpackage` will not work for private projects. # `go get gitlab.com/group/subgroup/project.git/subpackage` will work, since Go is smart enough # to figure that out. `import 'gitlab.com/...'` behaves the same as `go get`. - return simple_project_path, 'master' + [simple_project_path, 'master'] end end diff --git a/lib/gitlab/middleware/multipart.rb b/lib/gitlab/middleware/multipart.rb index 3c45f841653..c0b671abd44 100644 --- a/lib/gitlab/middleware/multipart.rb +++ b/lib/gitlab/middleware/multipart.rb @@ -105,6 +105,21 @@ module Gitlab private + def package_allowed_paths + packages_config = ::Gitlab.config.packages + return [] unless allow_packages_storage_path?(packages_config) + + [::Packages::PackageFileUploader.workhorse_upload_path] + end + + def allow_packages_storage_path?(packages_config) + return false unless packages_config.enabled + return false unless packages_config['storage_path'] + return false if packages_config.object_store.enabled && packages_config.object_store.direct_upload + + true + end + def allowed_paths [ ::FileUploader.root, @@ -112,7 +127,7 @@ module Gitlab JobArtifactUploader.workhorse_upload_path, LfsObjectUploader.workhorse_upload_path, File.join(Rails.root, 'public/uploads/tmp') - ] + ] + package_allowed_paths end end @@ -135,5 +150,3 @@ module Gitlab end end end - -::Gitlab::Middleware::Multipart::Handler.prepend_if_ee('EE::Gitlab::Middleware::Multipart::Handler') |