Add public/uploads/tmp to allowed upload paths

When direct_upload is enabled and a for file is being uploaded, then workhorse uses `public/uploads/tmp` path. If `uploads.storage_path` i sset to a different directory, then upload fails because `public/uploads/tmp` is not in allowed paths.
author: Jan Provaznik <jprovaznik@gitlab.com> 2018-07-31 23:28:48 +0300
committer: Jan Provaznik <jprovaznik@gitlab.com> 2018-08-21 18:39:46 +0300
commit: 4ca9f3b417e32c557c182f1ee45b3c3f694174db (patch)
tree: d603934a7f1e2479da2ea914aa50f3ab14b27030 /lib/gitlab/middleware
parent: d2590b154228ed49dd4a949c889fb6234343ec94 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/gitlab/middleware/multipart.rb b/lib/gitlab/middleware/multipart.rb
index 18f91db98fc..3d588918adf 100644
--- a/lib/gitlab/middleware/multipart.rb
+++ b/lib/gitlab/middleware/multipart.rb
@@ -82,9 +82,13 @@ module Gitlab
         end
 
         def open_file(params, key)
-          ::UploadedFile.from_params(
-            params, key,
-            [FileUploader.root, Gitlab.config.uploads.storage_path])
+          allowed_paths = [
+            FileUploader.root,
+            Gitlab.config.uploads.storage_path,
+            File.join(Rails.root, 'public/uploads/tmp')
+          ]
+
+          ::UploadedFile.from_params(params, key, allowed_paths)
         end
       end
author	Jan Provaznik <jprovaznik@gitlab.com>	2018-07-31 23:28:48 +0300
committer	Jan Provaznik <jprovaznik@gitlab.com>	2018-08-21 18:39:46 +0300
commit	4ca9f3b417e32c557c182f1ee45b3c3f694174db (patch)
tree	d603934a7f1e2479da2ea914aa50f3ab14b27030 /lib/gitlab/middleware
parent	d2590b154228ed49dd4a949c889fb6234343ec94 (diff)