Check snippet attached file to be moved is within designated directory

Previously one could move any temp/ sub folder around.
author: Mark Chao <mchao@gitlab.com> 2019-02-13 11:24:26 +0300
committer: Mark Chao <mchao@gitlab.com> 2019-02-21 11:44:44 +0300
commit: d72b1cd0b5b01d6fec6b93d9dfe84f8302083072 (patch)
tree: 8b37b49971929fb56b1f72554f227f8be6a8cb0c /spec/controllers/snippets_controller_spec.rb
parent: a9291f15ea10e3cfc94282ffb4e0969e9d4175eb (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/spec/controllers/snippets_controller_spec.rb b/spec/controllers/snippets_controller_spec.rb
index 5c6858dc7b2..77a94f26d8c 100644
--- a/spec/controllers/snippets_controller_spec.rb
+++ b/spec/controllers/snippets_controller_spec.rb
@@ -205,6 +205,8 @@ describe SnippetsController do
     end
 
     context 'when the snippet description contains a file' do
+      include FileMoverHelpers
+
       let(:picture_file) { '/-/system/temp/secret56/picture.jpg' }
       let(:text_file) { '/-/system/temp/secret78/text.txt' }
       let(:description) do
@@ -215,6 +217,8 @@ describe SnippetsController do
       before do
         allow(FileUtils).to receive(:mkdir_p)
         allow(FileUtils).to receive(:move)
+        stub_file_mover(text_file)
+        stub_file_mover(picture_file)
       end
 
       subject { create_snippet({ description: description }, { files: [picture_file, text_file] }) }
author	Mark Chao <mchao@gitlab.com>	2019-02-13 11:24:26 +0300
committer	Mark Chao <mchao@gitlab.com>	2019-02-21 11:44:44 +0300
commit	d72b1cd0b5b01d6fec6b93d9dfe84f8302083072 (patch)
tree	8b37b49971929fb56b1f72554f227f8be6a8cb0c /spec/controllers/snippets_controller_spec.rb
parent	a9291f15ea10e3cfc94282ffb4e0969e9d4175eb (diff)