Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-05 15:07:52 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-05 15:07:52 +0000
commit: afe2b984524ae4b0c8a0636db7ec5b2c452f0734 (patch)
tree: 3de39f954c7239e09a9afe84263a64e7042b2b60 /app/controllers/import
parent: 5a6b36b60502c50ab59c0bc3c345793b70a3d548 (diff)
download: gitlab-ce-afe2b984524ae4b0c8a0636db7ec5b2c452f0734.tar.gz
1 files changed, 22 insertions, 1 deletions
diff --git a/app/controllers/import/gitea_controller.rb b/app/controllers/import/gitea_controller.rb
index a23b2f8139e..f0888e08622 100644
--- a/app/controllers/import/gitea_controller.rb
+++ b/app/controllers/import/gitea_controller.rb
@@ -16,7 +16,13 @@ class Import::GiteaController < Import::GithubController
 
   # Must be defined or it will 404
   def status
-    super
+    if blocked_url?
+      session[access_token_key] = nil
+
+      redirect_to new_import_url, alert: _('Specified URL cannot be used.')
+    else
+      super
+    end
   end
 
   private
@@ -54,4 +60,19 @@ class Import::GiteaController < Import::GithubController
   def client_options
     { host: provider_url, api_version: 'v1' }
   end
+
+  def blocked_url?
+    Gitlab::UrlBlocker.blocked_url?(
+      provider_url,
+      {
+        allow_localhost: allow_local_requests?,
+        allow_local_network: allow_local_requests?,
+        schemes: %w(http https)
+      }
+    )
+  end
+
+  def allow_local_requests?
+    Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
+  end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-03-05 15:07:52 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-03-05 15:07:52 +0000
commit	afe2b984524ae4b0c8a0636db7ec5b2c452f0734 (patch)
tree	3de39f954c7239e09a9afe84263a64e7042b2b60 /app/controllers/import
parent	5a6b36b60502c50ab59c0bc3c345793b70a3d548 (diff)
download	gitlab-ce-afe2b984524ae4b0c8a0636db7ec5b2c452f0734.tar.gz