1. 08 Jul, 2018 1 commit
    • Jan Provaznik's avatar
      Add FileUploader.root to allowed upload paths · e2ec97a9
      Jan Provaznik authored
      Currently we check if uploaded file is under
      `Gitlab.config.uploads.storage_path`, the problem is that
      uploads are placed in `uploads` subdirectory which is symlink.
      
      In allow_path? method we check real (expanded) paths, which causes
      that `Gitlab.config.uploads.storage_path` is expaned into symlink
      path and there is a mismatch with upload file path.
      
      By adding `Gitlab.config.uploads.storage_path/uploads` into allowed
      paths, this path is expaned during path check.
      
      `Gitlab.config.uploads.storage_path` is left there intentionally in case
      some uploader wouldn't use `uploads` subdir.
      e2ec97a9
  2. 07 Jul, 2018 12 commits
  3. 06 Jul, 2018 27 commits