diff options
author | Robert Speicher <robert@gitlab.com> | 2017-01-04 19:13:29 +0000 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2017-01-23 13:42:27 -0500 |
commit | d7755ede246988e3186a46b2c9fbd1b70660b529 (patch) | |
tree | b3df0cb09c2cfc275c4ed96b52c9db7ca609e291 /app/models/namespace.rb | |
parent | 60d1dcb83ac97e3d0dfd9cdf0daa970671ba3d68 (diff) | |
download | gitlab-ce-d7755ede246988e3186a46b2c9fbd1b70660b529.tar.gz |
Merge branch 'fix/rename-group-export-vuln' into 'security'
Fix export files not removed when a user takes over a namespace
See merge request !2051
Diffstat (limited to 'app/models/namespace.rb')
-rw-r--r-- | app/models/namespace.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/app/models/namespace.rb b/app/models/namespace.rb index d41833de66f..dd33975731f 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -130,6 +130,8 @@ class Namespace < ActiveRecord::Base Gitlab::UploadsTransfer.new.rename_namespace(path_was, path) + remove_exports! + # If repositories moved successfully we need to # send update instructions to users. # However we cannot allow rollback since we moved namespace dir @@ -214,6 +216,8 @@ class Namespace < ActiveRecord::Base GitlabShellWorker.perform_in(5.minutes, :rm_namespace, repository_storage_path, new_path) end end + + remove_exports! end def refresh_access_of_projects_invited_groups @@ -226,4 +230,20 @@ class Namespace < ActiveRecord::Base def full_path_changed? path_changed? || parent_id_changed? end + + def remove_exports! + Gitlab::Popen.popen(%W(find #{export_path} -not -path #{export_path} -delete)) + end + + def export_path + File.join(Gitlab::ImportExport.storage_path, full_path_was) + end + + def full_path_was + if parent + parent.full_path + '/' + path_was + else + path_was + end + end end |