From df41148662142ce20a77b092665f48dd4dfa7bfb Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon <grzesiek.bizon@gmail.com>
Date: Sat, 2 Jan 2016 20:09:21 +0100
Subject: Improve path sanitization in `StringPath`

---
 app/models/ci/build.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'app/models/ci/build.rb')

diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index f6783e21d90..df51a5ce079 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -352,15 +352,15 @@ module Ci
     def artifacts_metadata_for_path(path)
       return [] unless artifacts_metadata.exists?
       paths, metadata = [], []
-      meta_path = path.sub(/^\.\//, '')
 
+      metadata_path = path.sub(/^\.\//, '')
       File.open(artifacts_metadata.path) do |file|
         gzip = Zlib::GzipReader.new(file)
         gzip.each_line do |line|
-          if line =~ %r{^#{meta_path}[^/]+/?\s}
-            path, meta =  line.split(' ')
-            paths << path
-            metadata << JSON.parse(meta)
+          if line =~ %r{^#{Regexp.escape(metadata_path)}[^/\s]+/?\s}
+            matched_path, matched_meta =  line.split(' ')
+            paths << matched_path
+            metadata << JSON.parse(matched_meta)
           end
         end
         gzip.close
-- 
cgit v1.2.3