authorrpereira2 <rpereira@gitlab.com>2019-01-07 17:13:45 +0530
committerrpereira2 <rpereira@gitlab.com>2019-01-07 17:13:45 +0530
commite9abb416d257e6f888fd115bd2a0546a50a4f781 (patch)
tree0777bf0d0f6be508f16a856f04e318b92710b22f
parentb8c54680e512a7196d374e65f3acc5838189d356 (diff)
downloadgitlab-ce-55178-db_and_model.tar.gz
Move sanitization validation above internal url55178-db_and_model
-rw-r--r--lib/gitlab/url_blocker.rb3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb
index 8c04409ad12..7ba82034290 100644
--- a/lib/gitlab/url_blocker.rb
+++ b/lib/gitlab/url_blocker.rb
@@ -14,6 +14,8 @@ module Gitlab
# Param url can be a string, URI or Addressable::URI
uri = parse_url(url)
+ validate_html_tags!(uri) if enforce_sanitization
+
# Allow imports from the GitLab instance itself but only from the configured ports
return true if internal?(uri)
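Review bot: The placement of `validate_html_tags!(uri) if enforce_sanitization` ahead of `return true if internal?(uri)` is now security-relevant, but nothing at that spot says so, and a later tidy-up could move it back below the early return. I would add a comment directly above the new line, for example `# Must run before the internal? shortcut so URLs pointing at this instance are sanitized too`. The diffstat shows only lib/gitlab/url_blocker.rb changed, so no spec pins the new ordering; a case asserting that an internal URL containing HTML tags is rejected when enforce_sanitization is set would guard against regressions. Judging from the second hunk, `validate_user!` and `validate_unicode_restriction!` still sit after the early return and so appear to be skipped for internal URLs; it is worth confirming that this is intended. The enclosing method starts and ends outside the hunk, so this is based on the visible lines only.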
@@ -23,7 +25,6 @@ module Gitlab
validate_user!(uri.user) if enforce_user
validate_hostname!(uri.hostname)
validate_unicode_restriction!(uri) if ascii_only
- validate_html_tags!(uri) if enforce_sanitization
begin
addrs_info = Addrinfo.getaddrinfo(uri.hostname, port, nil, :STREAM).map do |addr|