diff options
author | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2016-04-06 19:25:47 +0200 |
---|---|---|
committer | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2016-04-06 19:25:47 +0200 |
commit | ab9dfa8fd681ac558cf988aa2cdb5bd69feea757 (patch) | |
tree | b7d5494f64e7e15ca7fd8f530b27087e4ad2edb5 | |
parent | ccb29955c9d7de69d99fe91425d6246cc723def4 (diff) | |
download | gitlab-ce-ab9dfa8fd681ac558cf988aa2cdb5bd69feea757.tar.gz |
Clarify intentions
-rw-r--r-- | app/controllers/projects/git_http_controller.rb | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/app/controllers/projects/git_http_controller.rb b/app/controllers/projects/git_http_controller.rb index 6dd7a683b0e..11e17510cb9 100644 --- a/app/controllers/projects/git_http_controller.rb +++ b/app/controllers/projects/git_http_controller.rb @@ -108,11 +108,14 @@ class Projects::GitHttpController < Projects::ApplicationController id = params[:project_id] return if id.nil? - if id.end_with?('.wiki.git') - id.slice(0, id.length - 9) - elsif id.end_with?('.git') - id.slice(0, id.length - 4) + %w{.wiki.git .git}.each do |suffix| + # Be careful to only remove the suffix from the end of 'id'. + # Accidentally removing it from the middle is how security + # vulnerabilities happen! + return id.slice(0, id.length - suffix.length) if id.end_with?(suffix) end + + nil end def repository |