diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-09-05 12:27:40 +0200 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-09-05 12:34:49 +0200 |
commit | 3b874414c06156767117b7aa7ae705c7342d887c (patch) | |
tree | 04318abb3fe8f963a51b8b1360dd664e57359da5 /app/controllers/projects/artifacts_controller.rb | |
parent | 52e52f4a172ae5aa54eac4a22d98610ec5aea1b0 (diff) | |
download | gitlab-ce-3b874414c06156767117b7aa7ae705c7342d887c.tar.gz |
Do not use artifacts metadata to access single artifact
Diffstat (limited to 'app/controllers/projects/artifacts_controller.rb')
-rw-r--r-- | app/controllers/projects/artifacts_controller.rb | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb index f637a9a803b..eb010923466 100644 --- a/app/controllers/projects/artifacts_controller.rb +++ b/app/controllers/projects/artifacts_controller.rb @@ -7,7 +7,7 @@ class Projects::ArtifactsController < Projects::ApplicationController before_action :authorize_update_build!, only: [:keep] before_action :extract_ref_name_and_path before_action :validate_artifacts! - before_action :set_path_and_entry, only: [:file, :raw] + before_action :entry, only: [:file] def download if artifacts_file.file_storage? @@ -41,7 +41,10 @@ class Projects::ArtifactsController < Projects::ApplicationController end def raw - send_artifacts_entry(build, @entry) + path = Gitlab::Ci::Build::Artifacts::Path + .new(params[:path]) + + send_artifacts_entry(build, path) end def keep @@ -93,9 +96,8 @@ class Projects::ArtifactsController < Projects::ApplicationController @artifacts_file ||= build.artifacts_file end - def set_path_and_entry - @path = params[:path] - @entry = build.artifacts_metadata_entry(@path) + def entry + @entry = build.artifacts_metadata_entry(params[:path]) render_404 unless @entry.exists? end |