Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
c161065e
Commit
c161065e
authored
Apr 22, 2016
by
Jacob Vosmaer
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Don't mess up our parent controller
parent
9add3fbb
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
28 additions
and
30 deletions
+28
-30
app/controllers/projects/application_controller.rb
app/controllers/projects/application_controller.rb
+7
-19
app/controllers/projects/git_http_controller.rb
app/controllers/projects/git_http_controller.rb
+21
-11
No files found.
app/controllers/projects/application_controller.rb
View file @
c161065e
...
@@ -10,6 +10,9 @@ class Projects::ApplicationController < ApplicationController
...
@@ -10,6 +10,9 @@ class Projects::ApplicationController < ApplicationController
def
project
def
project
unless
@project
unless
@project
namespace
=
params
[
:namespace_id
]
id
=
params
[
:project_id
]
||
params
[
:id
]
# Redirect from
# Redirect from
# localhost/group/project.git
# localhost/group/project.git
# to
# to
...
@@ -20,11 +23,12 @@ class Projects::ApplicationController < ApplicationController
...
@@ -20,11 +23,12 @@ class Projects::ApplicationController < ApplicationController
return
return
end
end
@project
=
find_project
project_path
=
"
#{
namespace
}
/
#{
id
}
"
@project
=
Project
.
find_with_namespace
(
project_path
)
if
@project
&&
can?
(
current_user
,
:read_project
,
@project
)
if
@project
&&
can?
(
current_user
,
:read_project
,
@project
)
if
@project
.
path_with_namespace
!=
p
ath_with_namespace
if
@project
.
path_with_namespace
!=
p
roject_path
redirect_to
request
.
original_url
.
gsub
(
p
ath_with_namespace
,
@project
.
path_with_namespace
)
redirect_to
request
.
original_url
.
gsub
(
p
roject_path
,
@project
.
path_with_namespace
)
end
end
else
else
@project
=
nil
@project
=
nil
...
@@ -40,22 +44,6 @@ class Projects::ApplicationController < ApplicationController
...
@@ -40,22 +44,6 @@ class Projects::ApplicationController < ApplicationController
@project
@project
end
end
def
id
params
[
:project_id
]
||
params
[
:id
]
end
def
namespace
params
[
:namespace_id
]
end
def
path_with_namespace
"
#{
namespace
}
/
#{
id
}
"
end
def
find_project
Project
.
find_with_namespace
(
path_with_namespace
)
end
def
repository
def
repository
@repository
||=
project
.
repository
@repository
||=
project
.
repository
end
end
...
...
app/controllers/projects/git_http_controller.rb
View file @
c161065e
...
@@ -119,27 +119,37 @@ class Projects::GitHttpController < Projects::ApplicationController
...
@@ -119,27 +119,37 @@ class Projects::GitHttpController < Projects::ApplicationController
def
project
def
project
return
@project
if
defined?
(
@project
)
return
@project
if
defined?
(
@project
)
@project
=
find_project
project_id
,
_
=
project_id_with_suffix
if
project_id
.
blank?
@project
=
nil
else
@project
=
Project
.
find_with_namespace
(
"
#{
params
[
:namespace_id
]
}
/
#{
project_id
}
"
)
end
end
end
def
id
# This method returns two values so that we can parse
id
=
params
[
:project_id
]
# params[:project_id] (untrusted input!) in exactly one place.
return
if
id
.
nil?
def
project_id_with_suffix
id
=
params
[
:project_id
]
||
''
%w{.wiki.git .git}
.
each
do
|
suffix
|
%w{.wiki.git .git}
.
each
do
|
suffix
|
if
id
.
end_with?
(
suffix
)
# Be careful to only remove the suffix from the end of 'id'.
# Be careful to only remove the suffix from the end of 'id'.
# Accidentally removing it from the middle is how security
# Accidentally removing it from the middle is how security
# vulnerabilities happen!
# vulnerabilities happen!
return
id
.
slice
(
0
,
id
.
length
-
suffix
.
length
)
if
id
.
end_with?
(
suffix
)
return
[
id
.
slice
(
0
,
id
.
length
-
suffix
.
length
),
suffix
]
end
end
end
#
No valid id was found
.
#
Something is wrong with params[:project_id]; do not pass it on
.
nil
[
nil
,
nil
]
end
end
def
repository
def
repository
@repository
||=
begin
@repository
||=
begin
if
params
[
:project_id
].
end_with?
(
'.wiki.git'
)
_
,
suffix
=
project_id_with_suffix
if
suffix
==
'.wiki.git'
project
.
wiki
.
repository
project
.
wiki
.
repository
else
else
project
.
repository
project
.
repository
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment