authorChristiaan Van den Poel <christiaan.vandenpoel@gmail.com>2017-12-01 11:15:15 +0000
committerGrzegorz Bizon <grzegorz@gitlab.com>2017-12-01 11:15:15 +0000
commit70194cfc28009f419f74580cf199fe91aa1754ec (patch)
tree9f5b9d92979067e8e58b9811d12e38705e962fed /app
parent3e78b5ae8f99b18e05e4d35068cbc0785178ba4b (diff)
Adds validation for Project#ci_config_path not to contain leading slash
Diffstat (limited to 'app')
-rw-r--r--app/models/project.rb6
1 files changed, 3 insertions, 3 deletions
diff --git a/app/models/project.rb b/app/models/project.rb
index c6f7f56f311..eaf4f555d3b 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -234,8 +234,8 @@ class Project < ActiveRecord::Base
validates :creator, presence: true, on: :create
validates :description, length: { maximum: 2000 }, allow_blank: true
validates :ci_config_path,
- format: { without: /\.{2}/,
- message: 'cannot include directory traversal.' },
+ format: { without: /(\.{2}|\A\/)/,
+ message: 'cannot include leading slash or directory traversal.' },
length: { maximum: 255 },
allow_blank: true
validates :name,
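Review bot: With this format rule, the leading-slash guarantee for `ci_config_path` holds only where validations run, because the second hunk removes the `sub(%r{\A/+}, '')` normalisation from the setter. A write that skips validation (for example `update_column` or `save(validate: false)`, if any caller uses them) could then persist an absolute path, so code that resolves this value inside the repository should not assume it is relative. The comment left in the setter, `# Strip all leading slashes so that //foo -> foo`, no longer describes the code and would read better as `# Remove NUL bytes; a leading slash is rejected by the format validation`. As a style point, the pattern needs neither the capture group nor the escaped slash: `format: { without: %r{\.{2}|\A/},`.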
@@ -599,7 +599,7 @@ class Project < ActiveRecord::Base
def ci_config_path=(value)
# Strip all leading slashes so that //foo -> foo
- super(value&.sub(%r{\A/+}, '')&.delete("\0"))
+ super(value&.delete("\0"))
end
def import_url=(value)