diff options
author | Francisco Javier López <fjlopez@gitlab.com> | 2018-06-11 13:29:37 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2018-06-11 13:29:37 +0000 |
commit | 1418afc2d6e7699f08a1fc5f33b78ea847ac1451 (patch) | |
tree | 7f1cd2621237c4dd234651bd16d6e304989b731d /app/validators | |
parent | 180dc237152d60d05e4f75d8c936e81ba783b6cd (diff) | |
download | gitlab-ce-1418afc2d6e7699f08a1fc5f33b78ea847ac1451.tar.gz |
Avoid checking the user format in every url validation
Diffstat (limited to 'app/validators')
-rw-r--r-- | app/validators/url_validator.rb | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/app/validators/url_validator.rb b/app/validators/url_validator.rb index 8648c4c75e3..6854fec582e 100644 --- a/app/validators/url_validator.rb +++ b/app/validators/url_validator.rb @@ -18,6 +18,13 @@ # This validator can also block urls pointing to localhost or the local network to # protect against Server-side Request Forgery (SSRF), or check for the right port. # +# The available options are: +# - protocols: Allowed protocols. Default: http and https +# - allow_localhost: Allow urls pointing to localhost. Default: true +# - allow_local_network: Allow urls pointing to private network addresses. Default: true +# - ports: Allowed ports. Default: all. +# - enforce_user: Validate user format. Default: false +# # Example: # class User < ActiveRecord::Base # validates :personal_url, url: { allow_localhost: false, allow_local_network: false} @@ -35,7 +42,7 @@ class UrlValidator < ActiveModel::EachValidator if value.present? value.strip! else - record.errors.add(attribute, "must be a valid URL") + record.errors.add(attribute, 'must be a valid URL') end Gitlab::UrlBlocker.validate!(value, blocker_args) @@ -51,7 +58,8 @@ class UrlValidator < ActiveModel::EachValidator protocols: DEFAULT_PROTOCOLS, ports: [], allow_localhost: true, - allow_local_network: true + allow_local_network: true, + enforce_user: false } end @@ -64,7 +72,7 @@ class UrlValidator < ActiveModel::EachValidator end def blocker_args - current_options.slice(:allow_localhost, :allow_local_network, :protocols, :ports).tap do |args| + current_options.slice(*default_options.keys).tap do |args| if allow_setting_local_requests? args[:allow_localhost] = args[:allow_local_network] = true end |