Commit 1d71d504 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch 'jprovazn-fix-form-uploads' into 'master'

Add public/uploads/tmp to allowed upload paths

Closes #49585

See merge request gitlab-org/gitlab-ce!20942
parents d4faf530 4ca9f3b4
---
title: Accept upload files in public/uplaods/tmp when using accelerated uploads.
merge_request:
author:
type: fixed
...@@ -82,9 +82,13 @@ module Gitlab ...@@ -82,9 +82,13 @@ module Gitlab
end end
def open_file(params, key) def open_file(params, key)
::UploadedFile.from_params( allowed_paths = [
params, key, FileUploader.root,
[FileUploader.root, Gitlab.config.uploads.storage_path]) Gitlab.config.uploads.storage_path,
File.join(Rails.root, 'public/uploads/tmp')
]
::UploadedFile.from_params(params, key, allowed_paths)
end end
end end
......
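Review bot: The new `File.join(Rails.root, 'public/uploads/tmp')` entry in `allowed_paths` is a hard-coded literal with no comment, although this list appears to bound which on-disk locations a `file.path` parameter is accepted from, so each entry widens that trust boundary. I would document it above the array, e.g. `# Directories an accelerated upload may be read from; keep minimal, every entry widens what file.path may reference (public/uploads/tmp added for #49585).` If the uploads base directory is configurable, deriving the tmp path from that setting rather than from `Rails.root` would keep the two from drifting apart; that cannot be confirmed from this hunk. Whether `UploadedFile.from_params` canonicalises the path before comparing it with these prefixes is also not visible here, and the enclosing module starts and ends outside the hunk.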
...@@ -75,6 +75,26 @@ describe Gitlab::Middleware::Multipart do ...@@ -75,6 +75,26 @@ describe Gitlab::Middleware::Multipart do
it_behaves_like 'multipart upload files' it_behaves_like 'multipart upload files'
end end
it 'allows files in uploads/tmp directory' do
Dir.mktmpdir do |dir|
uploads_dir = File.join(dir, 'public/uploads/tmp')
FileUtils.mkdir_p(uploads_dir)
allow(Rails).to receive(:root).and_return(dir)
allow(Dir).to receive(:tmpdir).and_return(File.join(Dir.tmpdir, 'tmpsubdir'))
Tempfile.open('top-level', uploads_dir) do |tempfile|
env = post_env({ 'file' => tempfile.path }, { 'file.name' => original_filename, 'file.path' => tempfile.path }, Gitlab::Workhorse.secret, 'gitlab-workhorse')
expect(app).to receive(:call) do |env|
expect(Rack::Request.new(env).params['file']).to be_a(::UploadedFile)
end
middleware.call(env)
end
end
end
it 'allows symlinks for uploads dir' do it 'allows symlinks for uploads dir' do
Tempfile.open('two-levels') do |tempfile| Tempfile.open('two-levels') do |tempfile|
symlinked_dir = '/some/dir/uploads' symlinked_dir = '/some/dir/uploads'
......
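Review bot: The `allow(Dir).to receive(:tmpdir)` stub in 'allows files in uploads/tmp directory' has no explanation, so its purpose is unclear. Presumably the system temp directory is itself accepted by `UploadedFile`, so the stub is what makes the example depend on the new allow-list entry; a comment such as `# move Dir.tmpdir away so the file is only accepted via public/uploads/tmp` would say so. The inner block parameter in `expect(app).to receive(:call) do |env|` shadows the outer `env`; renaming it, e.g. `do |received_env|`, avoids the ambiguity. The example covers only the accepted case; a companion example asserting that a path outside every allowed directory is still rejected would pin the boundary, if the spec does not already have one outside this hunk.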