Merge branch 'security-60551-fix-upload-scope' into 'master'

Queries for Upload should be scoped by model See merge request gitlab/gitlabhq!3229
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-07-26 13:40:54 +0000
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-07-26 13:40:54 +0000
commit: 461101c3b50ef2215a3be9a099bf2581473d7d2d (patch)
tree: 6714e2d17e2c45926a1355ca029f987b58f1de19 /app/uploaders
parent: 4b2d49b7285f7968e894c635321f878d77773bb8 (diff)
parent: dfe906209e2238b82c84c9fb435498cae2f3d43e (diff)
download: gitlab-ce-461101c3b50ef2215a3be9a099bf2581473d7d2d.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/uploaders/records_uploads.rb b/app/uploaders/records_uploads.rb
index 3b2a9d2f80e..967fcdc704e 100644
--- a/app/uploaders/records_uploads.rb
+++ b/app/uploaders/records_uploads.rb
@@ -27,7 +27,7 @@ module RecordsUploads
     end
 
     def readd_upload
-      uploads.where(path: upload_path).delete_all
+      uploads.where(model: model, path: upload_path).delete_all
       upload.delete if upload
 
       self.upload = build_upload.tap(&:save!)
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-07-26 13:40:54 +0000
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-07-26 13:40:54 +0000
commit	461101c3b50ef2215a3be9a099bf2581473d7d2d (patch)
tree	6714e2d17e2c45926a1355ca029f987b58f1de19 /app/uploaders
parent	4b2d49b7285f7968e894c635321f878d77773bb8 (diff)
parent	dfe906209e2238b82c84c9fb435498cae2f3d43e (diff)
download	gitlab-ce-461101c3b50ef2215a3be9a099bf2581473d7d2d.tar.gz