diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-03-15 20:09:08 +0000 |
|---|---|---|
| committer | DJ Mountney <david@twkie.net> | 2017-03-20 18:53:04 -0700 |
| commit | 65aafb9917fb8fd4d26ca096681ca29a9a6ddda2 (patch) | |
| tree | ea67256a897d4b1b8921d6b68652f8a5f0e948ab /app/models/project.rb | |
| parent | c5a9d73ad8a141166d871e551027208014a281c0 (diff) | |
| download | gitlab-ce-65aafb9917fb8fd4d26ca096681ca29a9a6ddda2.tar.gz | |
Merge branch 'ssrf' into 'security'
Protect server against SSRF in project import URLs
See merge request !2068
Diffstat (limited to 'app/models/project.rb')
| -rw-r--r-- | app/models/project.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/models/project.rb b/app/models/project.rb index 17cf8226bcc..4a3faff7d5b 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -196,6 +196,7 @@ class Project < ActiveRecord::Base validates :name, uniqueness: { scope: :namespace_id } validates :path, uniqueness: { scope: :namespace_id } validates :import_url, addressable_url: true, if: :external_import? + validates :import_url, importable_url: true, if: [:external_import?, :import_url_changed?] validates :star_count, numericality: { greater_than_or_equal_to: 0 } validate :check_limit, on: :create validate :avatar_type, |