diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-07-26 13:40:54 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-07-26 13:40:54 +0000 |
commit | 461101c3b50ef2215a3be9a099bf2581473d7d2d (patch) | |
tree | 6714e2d17e2c45926a1355ca029f987b58f1de19 /app/uploaders | |
parent | 4b2d49b7285f7968e894c635321f878d77773bb8 (diff) | |
parent | dfe906209e2238b82c84c9fb435498cae2f3d43e (diff) | |
download | gitlab-ce-461101c3b50ef2215a3be9a099bf2581473d7d2d.tar.gz |
Merge branch 'security-60551-fix-upload-scope' into 'master'
Queries for Upload should be scoped by model
See merge request gitlab/gitlabhq!3229
Diffstat (limited to 'app/uploaders')
-rw-r--r-- | app/uploaders/records_uploads.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/uploaders/records_uploads.rb b/app/uploaders/records_uploads.rb index 3b2a9d2f80e..967fcdc704e 100644 --- a/app/uploaders/records_uploads.rb +++ b/app/uploaders/records_uploads.rb @@ -27,7 +27,7 @@ module RecordsUploads end def readd_upload - uploads.where(path: upload_path).delete_all + uploads.where(model: model, path: upload_path).delete_all upload.delete if upload self.upload = build_upload.tap(&:save!) |