Add strict validation to snippet file names

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-12 13:15:42 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-12 13:15:42 +0200
commit: f28a12a559ef5492b583f0ae5dff5dcb49c7afe1 (patch)
tree: 8cc924fc5c635378edae16efab30d3ce6c8a6415 /app/models/snippet.rb
parent: 9a3ae331adac6f4cc5ace771f740981811bdb41e (diff)
download: gitlab-ce-f28a12a559ef5492b583f0ae5dff5dcb49c7afe1.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/app/models/snippet.rb b/app/models/snippet.rb
index a47fbca3260..44fbff345b4 100644
--- a/app/models/snippet.rb
+++ b/app/models/snippet.rb
@@ -29,7 +29,9 @@ class Snippet < ActiveRecord::Base
 
   validates :author, presence: true
   validates :title, presence: true, length: { within: 0..255 }
-  validates :file_name, presence: true, length: { within: 0..255 }
+  validates :file_name, presence: true, length: { within: 0..255 },
+            format: { with: Gitlab::Regex.path_regex,
+                      message: Gitlab::Regex.path_regex_message }
   validates :content, presence: true
   validates :visibility_level, inclusion: { in: Gitlab::VisibilityLevel.values }
 
@@ -72,7 +74,7 @@ class Snippet < ActiveRecord::Base
 
   def visibility_level_field
     visibility_level
-  end 
+  end
 
   class << self
     def search(query)
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-12-12 13:15:42 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2014-12-12 13:15:42 +0200
commit	f28a12a559ef5492b583f0ae5dff5dcb49c7afe1 (patch)
tree	8cc924fc5c635378edae16efab30d3ce6c8a6415 /app/models/snippet.rb
parent	9a3ae331adac6f4cc5ace771f740981811bdb41e (diff)
download	gitlab-ce-f28a12a559ef5492b583f0ae5dff5dcb49c7afe1.tar.gz