From 05aac11ac90b9157ea39944abfcf6be3fd8f9fb9 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Tue, 1 Sep 2020 22:56:42 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee

---
 app/services/projects/update_remote_mirror_service.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'app/services')

diff --git a/app/services/projects/update_remote_mirror_service.rb b/app/services/projects/update_remote_mirror_service.rb
index fe2610f89fb..7961f689259 100644
--- a/app/services/projects/update_remote_mirror_service.rb
+++ b/app/services/projects/update_remote_mirror_service.rb
@@ -7,6 +7,10 @@ module Projects
     def execute(remote_mirror, tries)
       return success unless remote_mirror.enabled?
 
+      if Gitlab::UrlBlocker.blocked_url?(CGI.unescape(Gitlab::UrlSanitizer.sanitize(remote_mirror.url)))
+        return error("The remote mirror URL is invalid.")
+      end
+
       update_mirror(remote_mirror)
 
       success
-- 
cgit v1.2.3