author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-01 11:52:52 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-01 11:53:21 +0000 |
commit | b64b61bfe72c54fe4a7fdce34b2f1591e3822e5e (patch) | |
tree | c8d24132d4bd3c77a3c34a899c79f95756832b5e /app/controllers | |
parent | 430576c997e7cfc61b003cf6dbf12817ef899eef (diff) | |
download | gitlab-ce-b64b61bfe72c54fe4a7fdce34b2f1591e3822e5e.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-5-stable-ee
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/projects/artifacts_controller.rb | 11 | ||||
-rw-r--r-- | app/controllers/sandbox_controller.rb | 4 |
2 files changed, 13 insertions, 2 deletions
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb
index 997d321ac24..40e89a06b46 100644
--- a/app/controllers/projects/artifacts_controller.rb
+++ b/app/controllers/projects/artifacts_controller.rb
@@ -14,7 +14,7 @@ class Projects::ArtifactsController < Projects::ApplicationController
 before_action :authorize_destroy_artifacts!, only: [:destroy]
 before_action :extract_ref_name_and_path
 before_action :validate_artifacts!, except: [:index, :download, :raw, :destroy]
- before_action :entry, only: [:file]
+ before_action :entry, only: [:external_file, :file]
 MAX_PER_PAGE = 20
@@ -58,12 +58,19 @@ class Projects::ArtifactsController < Projects::ApplicationController
 render_404 unless @entry.exists?
 end
+ # External files are redirected to Gitlab Pages and might have unsecure content
+ # To warn the user about the possible unsecure content, we show a warning page
+ # before redirecting the user.
+ def external_file
+ @blob = @entry.blob
+ end
+
 def file
 blob = @entry.blob
 conditionally_expand_blob(blob)
 if blob.external_link?(build)
- redirect_to blob.external_url(@project, build)
+ redirect_to external_file_project_job_artifacts_path(@project, @build, path: params[:path])
 else
 respond_to do |format|
 format.html do
diff --git a/app/controllers/sandbox_controller.rb b/app/controllers/sandbox_controller.rb
index a48b2b8a314..dffe6797831 100644
--- a/app/controllers/sandbox_controller.rb
+++ b/app/controllers/sandbox_controller.rb
@@ -8,4 +8,8 @@ class SandboxController < ApplicationController # rubocop:disable Gitlab/Namespa
 def mermaid
 render layout: false
 end
+
+ def swagger
+ render layout: false
+ end
 end |
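Review bot: `external_file` assigns `@blob` and renders the warning page without checking that the entry is an external link, so the interstitial can be requested for any artifact path that passes the `entry` filter. `file` already guards with `blob.external_link?(build)`; the new action could do the same with `return render_404 unless @blob.external_link?(build)` after the assignment, since how the view (not in this hunk) treats a non-external blob cannot be seen from here. The new redirect also passes `@build` where the condition one line above calls `build`; using `build` in both places avoids relying on an instance variable that is set outside the hunk. The body of `file` continues past the end of the hunk.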
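Review bot: `swagger` is added with no comment on what it renders or which isolation it relies on; `render layout: false` mirrors `mermaid` above, which suggests a bare page meant to be embedded in a sandboxed frame, but nothing in the hunk says so. A one-line comment such as `# Renders the Swagger viewer without the application layout; loaded only inside a sandboxed iframe (confirm)` would record the intent. A request spec that asserts the framing and content-security headers returned for this route would keep that isolation from regressing unnoticed. The class line is truncated in the hunk header, so any filters declared on the controller are not visible here.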