diff options
author | Douwe Maan <douwe@gitlab.com> | 2018-03-13 22:38:27 +0000 |
---|---|---|
committer | Mark Fletcher <mark@gitlab.com> | 2018-03-16 12:57:21 +0000 |
commit | 254529300eeb0a11e50e0b2ebc1abecf9908f13e (patch) | |
tree | 1b2b7a71b41f57af1413ec2dba472fd5ecf5d0b3 /app/services/projects | |
parent | c7e4919eaaf385d283fdb8bbb737d898326f7304 (diff) | |
download | gitlab-ce-254529300eeb0a11e50e0b2ebc1abecf9908f13e.tar.gz |
Merge branch 'fj-15329-services-callbacks-ssrf-10-5' into 'security-10-5'
[10.5] Server Side Request Forgery in Services and Web Hooks
See merge request gitlab/gitlabhq!2348
Diffstat (limited to 'app/services/projects')
-rw-r--r-- | app/services/projects/import_service.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/services/projects/import_service.rb b/app/services/projects/import_service.rb index f2d676af5c3..a34024f4f80 100644 --- a/app/services/projects/import_service.rb +++ b/app/services/projects/import_service.rb @@ -28,7 +28,7 @@ module Projects def add_repository_to_project if project.external_import? && !unknown_url? - raise Error, 'Blocked import URL.' if Gitlab::UrlBlocker.blocked_url?(project.import_url) + raise Error, 'Blocked import URL.' if Gitlab::UrlBlocker.blocked_url?(project.import_url, valid_ports: Project::VALID_IMPORT_PORTS) end # We should skip the repository for a GitHub import or GitLab project import, |