author | Nick Thomas <nick@gitlab.com> | 2017-08-29 16:30:02 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2017-08-29 16:30:02 +0300 |
commit | 243bdbc4980905220706bdb9215a7d802eced502 (patch) | |
tree | 1a067bfeb439d6613fae09e95587b7aa4496f316 | |
parent | 0173d4e6b6b17443155d121a9098d0e742b9c4e3 (diff) | |
parent | fd3aa1374e1390d3b20cbd0963d9599c5bbb90ae (diff) |
Merge branch 'pages-gz-symlink-0.5.1' into 'master'v0.5.1
Don't serve statically-compiled `.gz` files that are symlinks (v0.5.1)
See merge request gitlab/gitlab-pages!1
-rw-r--r-- | CHANGELOG | 3 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | domain.go | 4 | ||||
-rw-r--r-- | domain_test.go | 2 | ||||
-rw-r--r-- | shared/pages/group/group.test.io/public/gz-symlink | 1 | ||||
l--------- | shared/pages/group/group.test.io/public/gz-symlink.gz | 1 |
6 files changed, 10 insertions, 3 deletions
@@ -1,3 +1,6 @@
+v 0.5.1
+- Don't serve statically-compiled `.gz` files that are symlinks
+
 v 0.5.0
 - Don't try to update domains if reading the update file fails !32
 - Add CORS support to GET requests !33
@@ -1 +1 @@
-0.5.0
+0.5.1
@@ -41,8 +41,8 @@ func handleGZip(w http.ResponseWriter, r *http.Request, fullPath string) string
 gzipPath := fullPath + ".gz"
- _, err := os.Stat(gzipPath)
- if err != nil {
+ // Ensure the .gz file is not a symlink
+ if fi, err := os.Lstat(gzipPath); err != nil || !fi.Mode().IsRegular() {
 return fullPath
 }
diff --git a/domain_test.go b/domain_test.go
index 3ccac7ca..e1d5154f 100644
--- a/domain_test.go
+++ b/domain_test.go
@@ -122,6 +122,8 @@ func TestGroupServeHTTPGzip(t *testing.T) {
 {"GET", "http://group.test.io/", nil, ";; gzip", "main-dir", false},
 {"GET", "http://group.test.io/", nil, "middle-out", "main-dir", false},
 {"GET", "http://group.test.io/", nil, "gzip; quality=1", "main-dir", false},
+ // Symlinked .gz files are not supported
+ {"GET", "http://group.test.io/gz-symlink", nil, "*", "data", false},
 }
 for _, tt := range testSet {
diff --git a/shared/pages/group/group.test.io/public/gz-symlink b/shared/pages/group/group.test.io/public/gz-symlink
new file mode 100644
index 00000000..6320cd24
--- /dev/null
+++ b/shared/pages/group/group.test.io/public/gz-symlink
@@ -0,0 +1 @@
+data
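Review bot: The `os.Lstat` check in handleGZip and the later open of the returned gzipPath are two separate path lookups, so a `.gz` entry swapped for a symlink between them (for instance while a site is being redeployed) would still be followed; the rest of the function and its caller are outside the hunk, so how the path is opened cannot be confirmed from here. Closing that window means opening the file once with `syscall.O_NOFOLLOW` (Unix) and calling `Stat()` on the resulting `*os.File`, rather than handing back a path to be resolved again. Lstat also inspects only the final path component, so the check relies on fullPath already having been resolved and confined to the site's public directory, presumably by the caller, which is worth confirming. The comment understates the condition and omits the reason; something like `// Serve only a regular file: a symlinked .gz may point outside the public directory` would record both.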
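Review bot: The new table row in TestGroupServeHTTPGzip pins only the symlink case, while the condition it guards, `!fi.Mode().IsRegular()`, also rejects directories and other non-regular files. A fixture directory whose name ends in `.gz` beside a regular file of the same base name (a constructed example would be `gz-dir` next to `gz-dir.gz/`) with a matching row would cover that branch as well. Since `*` is the only Accept-Encoding value used for the symlink, a second row such as `{"GET", "http://group.test.io/gz-symlink", nil, "gzip", "data", false},` would show the explicit request is refused too. The test function starts and ends outside the hunk.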
\ No newline at end of file
diff --git a/shared/pages/group/group.test.io/public/gz-symlink.gz b/shared/pages/group/group.test.io/public/gz-symlink.gz
new file mode 120000
index 00000000..28e14853
--- /dev/null
+++ b/shared/pages/group/group.test.io/public/gz-symlink.gz
@@ -0,0 +1 @@
+../config.json
\ No newline at end of file |