diff options
author | James Lopez <james@gitlab.com> | 2018-01-26 15:39:10 +0000 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2018-02-09 12:16:28 -0600 |
commit | 68e31c098ec3984c42b921c07fec8593116e77ce (patch) | |
tree | 8d92ef061571749cf46b54d41a70f38c2fcafd49 /app/services/groups | |
parent | fec9fb05a5775b864ef6768df166d39fcb2be4bc (diff) | |
download | gitlab-ce-68e31c098ec3984c42b921c07fec8593116e77ce.tar.gz |
Merge branch 'fix/gh-namespace-issue' into 'security-10-4'
[10.4] Fix GH namespace security issue
Diffstat (limited to 'app/services/groups')
-rw-r--r-- | app/services/groups/nested_create_service.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/app/services/groups/nested_create_service.rb b/app/services/groups/nested_create_service.rb index d6f08fc3cce..5c337a9faa5 100644 --- a/app/services/groups/nested_create_service.rb +++ b/app/services/groups/nested_create_service.rb @@ -11,8 +11,8 @@ module Groups def execute return nil unless group_path - if group = Group.find_by_full_path(group_path) - return group + if namespace = namespace_or_group(group_path) + return namespace end if group_path.include?('/') && !Group.supports_nested_groups? @@ -40,10 +40,14 @@ module Groups ) new_params[:visibility_level] ||= Gitlab::CurrentSettings.current_application_settings.default_group_visibility - last_group = Group.find_by_full_path(partial_path) || Groups::CreateService.new(current_user, new_params).execute + last_group = namespace_or_group(partial_path) || Groups::CreateService.new(current_user, new_params).execute end last_group end + + def namespace_or_group(group_path) + Namespace.find_by_full_path(group_path) + end end end |