author | rpereira2 <rpereira@gitlab.com> | 2019-01-07 17:13:45 +0530 |
---|---|---|
committer | rpereira2 <rpereira@gitlab.com> | 2019-01-07 17:13:45 +0530 |
commit | e9abb416d257e6f888fd115bd2a0546a50a4f781 (patch) | |
tree | 0777bf0d0f6be508f16a856f04e318b92710b22f | |
parent | b8c54680e512a7196d374e65f3acc5838189d356 (diff) | |
download | gitlab-ce-55178-db_and_model.tar.gz |
Move sanitization validation above internal url55178-db_and_model
-rw-r--r-- | lib/gitlab/url_blocker.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb
index 8c04409ad12..7ba82034290 100644
--- a/lib/gitlab/url_blocker.rb
+++ b/lib/gitlab/url_blocker.rb
@@ -14,6 +14,8 @@ module Gitlab
 # Param url can be a string, URI or Addressable::URI
 uri = parse_url(url)
+ validate_html_tags!(uri) if enforce_sanitization
+
 # Allow imports from the GitLab instance itself but only from the configured ports
 return true if internal?(uri)
@@ -23,7 +25,6 @@ module Gitlab
 validate_user!(uri.user) if enforce_user
 validate_hostname!(uri.hostname)
 validate_unicode_restriction!(uri) if ascii_only
- validate_html_tags!(uri) if enforce_sanitization
 begin
 addrs_info = Addrinfo.getaddrinfo(uri.hostname, port, nil, :STREAM).map do |addr| |
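Review bot: The relocated `validate_html_tags!(uri) if enforce_sanitization` in the first hunk now sits above `return true if internal?(uri)`, but nothing on the line says that this position is deliberate, and the diffstat lists only `lib/gitlab/url_blocker.rb`, so no spec in this commit pins the ordering. I would add a comment above the call such as `# Must run before the internal? early return so URLs pointing at this instance are sanitized too`, and a spec asserting that an internal URL containing HTML tags is rejected when `enforce_sanitization` is set. In the second hunk, `validate_user!`, `validate_hostname!` and `validate_unicode_restriction!` still sit below the early return, so internal URLs presumably still skip them; it is worth confirming that this is intended rather than the same oversight. The enclosing method begins and ends outside both hunks, so what `internal?` and `validate_html_tags!` actually check is not visible here.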