diff options
author | Ben Ford <ben.ford@puppetlabs.com> | 2015-10-19 14:52:46 -0700 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-10-29 15:49:07 +0100 |
commit | 3be9d2c422b8651498abec3a2ee9bb6a3685f040 (patch) | |
tree | 807a38b8b6e91319cc1b2ff8e2d31d0391f9ad59 /app/services | |
parent | ae99720a40b8e0700891f5828c1a93bcc7673e04 (diff) | |
download | gitlab-ce-3be9d2c422b8651498abec3a2ee9bb6a3685f040.tar.gz |
Add ability to create directories in the editor
Simply type a name with a `/` directory separator and new directories
will be created. This does not do the fancy UI work that github.com
does, but it will get the job done.
I could not find tests for file creation, so I didn't add a test for
this slight behaviour modification. I did test directory traversals
though, using both absolute paths like `/tmp/foo.txt` and relative paths
like `../../foo.txt`. Neither case escaped the repository, though
attempting to traverse with a relative path resulted in a 500 error that
did not affect application stability upon reload.
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/files/create_dir_service.rb | 11 | ||||
-rw-r--r-- | app/services/files/create_service.rb | 11 |
2 files changed, 19 insertions, 3 deletions
diff --git a/app/services/files/create_dir_service.rb b/app/services/files/create_dir_service.rb index 71272fb5707..6107254a34e 100644 --- a/app/services/files/create_dir_service.rb +++ b/app/services/files/create_dir_service.rb @@ -5,5 +5,16 @@ module Files def commit repository.commit_dir(current_user, @file_path, @commit_message, @target_branch) end + + def validate + super + + unless @file_path =~ Gitlab::Regex.file_path_regex + raise_error( + 'Your changes could not be committed, because the file path ' + + Gitlab::Regex.file_path_regex_message + ) + end + end end end diff --git a/app/services/files/create_service.rb b/app/services/files/create_service.rb index c8e3a910bba..2348920cc58 100644 --- a/app/services/files/create_service.rb +++ b/app/services/files/create_service.rb @@ -9,12 +9,17 @@ module Files def validate super - file_name = File.basename(@file_path) + if @file_path =~ Gitlab::Regex.directory_traversal_regex + raise_error( + 'Your changes could not be committed, because the file name ' + + Gitlab::Regex.directory_traversal_regex_message + ) + end - unless file_name =~ Gitlab::Regex.file_name_regex + unless @file_path =~ Gitlab::Regex.file_path_regex raise_error( 'Your changes could not be committed, because the file name ' + - Gitlab::Regex.file_name_regex_message + Gitlab::Regex.file_path_regex_message ) end |