From 6f10ecdeb6d8636ce7c9fb6cf7930f1a543f58df Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 29 Sep 2021 13:02:17 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee
---
 lib/api/projects.rb | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'lib')
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index a92d904be84..34e0b528ced 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -89,6 +89,10 @@ module API
 Gitlab::AppLogger.info({ message: "File exceeds maximum size", file_bytes: file.size, project_id: user_project.id, project_path: user_project.full_path, upload_allowed: allowed })
 end
 end
+
+ def check_import_by_url_is_enabled
+ forbidden! unless Gitlab::CurrentSettings.import_sources&.include?('git')
+ end
 end

 helpers do
@@ -267,6 +271,7 @@ module API
 attrs = declared_params(include_missing: false)
 attrs = translate_params_for_compatibility(attrs)
 filter_attributes_using_license!(attrs)
+ check_import_by_url_is_enabled if params[:import_url].present?
 project = ::Projects::CreateService.new(current_user, attrs).execute

 if project.saved?
--
cgit v1.2.3
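Review bot: The new helper `check_import_by_url_is_enabled` has no comment and calls `forbidden!` with no reason, so neither the next maintainer nor an API client can tell that the 403 comes from the instance-level import-source setting. A one-line comment would capture the contract, including the fail-closed case where `import_sources` is nil: `# Rejects the request unless 'git' (import by URL) is an enabled import source; a nil setting also rejects.` If the `forbidden!` helper accepts a reason argument (its definition is not visible here), passing a short one such as `forbidden!('Import by URL is disabled')` would make the denial easier to diagnose from client logs. The enclosing `helpers do` block starts outside the hunk.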
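Review bot: The guard added before `::Projects::CreateService.new(current_user, attrs)` tests `params[:import_url]`, while the service receives `attrs`, so the checked value and the value actually used could diverge if `declared_params` or `translate_params_for_compatibility` ever rewrites that key. Keying the check on the hash that is passed on keeps them tied together: `check_import_by_url_is_enabled if attrs[:import_url].present?`. The diff also adds the check at this one call site only; any other endpoint in this file that forwards `import_url` to a project create or update service (none is visible in the hunks) would need the same guard. Alternatively the setting could be enforced inside the service, so every caller inherits it. The enclosing route block starts and ends outside the hunk.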