diff options
author | Douwe Maan <douwe@gitlab.com> | 2015-11-17 14:33:35 +0100 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-11-17 14:33:35 +0100 |
commit | 7b014338ca94caf4677a035f28469945e6a80100 (patch) | |
tree | c442bdae95edb35d14551ca04052227bdb840511 /app/services/files | |
parent | bb8b6f38e7fef0afd41088d54d9dda41695ec1c7 (diff) | |
parent | 1c040b3f0a3ecb18fc8fdea3cf99b70edad8d873 (diff) | |
download | gitlab-ce-contributor-graph-by-email.tar.gz |
Merge branch 'master' into contributor-graph-by-emailcontributor-graph-by-email
Diffstat (limited to 'app/services/files')
-rw-r--r-- | app/services/files/create_dir_service.rb | 11 | ||||
-rw-r--r-- | app/services/files/create_service.rb | 11 |
2 files changed, 19 insertions, 3 deletions
diff --git a/app/services/files/create_dir_service.rb b/app/services/files/create_dir_service.rb index 71272fb5707..6107254a34e 100644 --- a/app/services/files/create_dir_service.rb +++ b/app/services/files/create_dir_service.rb @@ -5,5 +5,16 @@ module Files def commit repository.commit_dir(current_user, @file_path, @commit_message, @target_branch) end + + def validate + super + + unless @file_path =~ Gitlab::Regex.file_path_regex + raise_error( + 'Your changes could not be committed, because the file path ' + + Gitlab::Regex.file_path_regex_message + ) + end + end end end diff --git a/app/services/files/create_service.rb b/app/services/files/create_service.rb index c8e3a910bba..2348920cc58 100644 --- a/app/services/files/create_service.rb +++ b/app/services/files/create_service.rb @@ -9,12 +9,17 @@ module Files def validate super - file_name = File.basename(@file_path) + if @file_path =~ Gitlab::Regex.directory_traversal_regex + raise_error( + 'Your changes could not be committed, because the file name ' + + Gitlab::Regex.directory_traversal_regex_message + ) + end - unless file_name =~ Gitlab::Regex.file_name_regex + unless @file_path =~ Gitlab::Regex.file_path_regex raise_error( 'Your changes could not be committed, because the file name ' + - Gitlab::Regex.file_name_regex_message + Gitlab::Regex.file_path_regex_message ) end |