Skip to content

G
gitlab-ce
Commit c5994711 authored by Kamil Trzcinski's avatar Kamil Trzcinski Committed by Phil Hughes
Browse files
Options

Validate existence of artifacts in ArtifactsController, render 404 if not found

parent 86800bf5
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 6 deletions
app/controllers/projects/artifacts_controller.rb
View file @ c5994711
class Projects::ArtifactsController < Projects::ApplicationController class Projects::ArtifactsController < Projects::ApplicationController
layout 'project' layout 'project'
before_action :authorize_read_build! before_action :authorize_read_build!
before_action :validate_artifacts!
def download def download
unless artifacts_file.file_storage? unless artifacts_file.file_storage?
return redirect_to artifacts_file.url return redirect_to artifacts_file.url
end end
unless artifacts_file.exists?
return render_404
end
send_file artifacts_file.path, disposition: 'attachment' send_file artifacts_file.path, disposition: 'attachment'
end end
def browse def browse
return render_404 unless build.artifacts?
directory = params[:path] ? "#{params[:path]}/" : '' directory = params[:path] ? "#{params[:path]}/" : ''
@entry = build.artifacts_metadata_entry(directory) @entry = build.artifacts_metadata_entry(directory)
...@@ -41,6 +36,10 @@ class Projects::ArtifactsController < Projects::ApplicationController ...@@ -41,6 +36,10 @@ class Projects::ArtifactsController < Projects::ApplicationController
private private
def validate_artifacts!
render_404 unless build.artifacts?
end
def build def build
@build ||= project.builds.find_by!(id: params[:build_id]) @build ||= project.builds.find_by!(id: params[:build_id])
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7