update to current master and fix conflictsissue-title-vue

author: Regis <boudinot.regis@yahoo.com> 2017-03-21 09:08:28 -0600
committer: Regis <boudinot.regis@yahoo.com> 2017-03-21 09:08:28 -0600
commit: 0b75b821c6cfd173291fcfd88c41da9922d082dd (patch)
tree: 41b578d299bd77423aa3591955a4cb5ca07ab025 /app/validators/importable_url_validator.rb
parent: 6342da7bb6cbba1b1e026fc62a1da42b811b25f4 (diff)
parent: a08c707c928092426e2334423e71c6b841309ddf (diff)
download: gitlab-ce-issue-title-vue.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/app/validators/importable_url_validator.rb b/app/validators/importable_url_validator.rb
new file mode 100644
index 00000000000..37a314adee6
--- /dev/null
+++ b/app/validators/importable_url_validator.rb
@@ -0,0 +1,11 @@
+# ImportableUrlValidator
+#
+# This validator blocks projects from using dangerous import_urls to help
+# protect against Server-side Request Forgery (SSRF).
+class ImportableUrlValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    if Gitlab::UrlBlocker.blocked_url?(value)
+      record.errors.add(attribute, "imports are not allowed from that URL")
+    end
+  end
+end
author	Regis <boudinot.regis@yahoo.com>	2017-03-21 09:08:28 -0600
committer	Regis <boudinot.regis@yahoo.com>	2017-03-21 09:08:28 -0600
commit	0b75b821c6cfd173291fcfd88c41da9922d082dd (patch)
tree	41b578d299bd77423aa3591955a4cb5ca07ab025 /app/validators/importable_url_validator.rb
parent	6342da7bb6cbba1b1e026fc62a1da42b811b25f4 (diff)
parent	a08c707c928092426e2334423e71c6b841309ddf (diff)
download	gitlab-ce-issue-title-vue.tar.gz