diff options
author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-12-12 13:28:48 +0200 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-12-12 13:28:48 +0200 |
commit | 118bd7178b2be5f8a8fbcfa6af66e9e6d299b658 (patch) | |
tree | fdfd569d8447134f7f9d5b427f160e7fbf2d23f3 /app | |
parent | f28a12a559ef5492b583f0ae5dff5dcb49c7afe1 (diff) | |
download | gitlab-ce-118bd7178b2be5f8a8fbcfa6af66e9e6d299b658.tar.gz |
Sanitize snippet file name in raw headers
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/snippets_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/snippets_controller.rb | 2 | ||||
-rw-r--r-- | app/models/snippet.rb | 4 |
3 files changed, 6 insertions, 2 deletions
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb index 9d5dd8a95cc..25c887deafa 100644 --- a/app/controllers/projects/snippets_controller.rb +++ b/app/controllers/projects/snippets_controller.rb @@ -68,7 +68,7 @@ class Projects::SnippetsController < Projects::ApplicationController @snippet.content, type: 'text/plain; charset=utf-8', disposition: 'inline', - filename: @snippet.file_name + filename: @snippet.sanitized_file_name ) end diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb index bf3312fedc8..312e561b522 100644 --- a/app/controllers/snippets_controller.rb +++ b/app/controllers/snippets_controller.rb @@ -79,7 +79,7 @@ class SnippetsController < ApplicationController @snippet.content, type: 'text/plain; charset=utf-8', disposition: 'inline', - filename: @snippet.file_name + filename: @snippet.sanitized_file_name ) end diff --git a/app/models/snippet.rb b/app/models/snippet.rb index 44fbff345b4..9aba42a0622 100644 --- a/app/models/snippet.rb +++ b/app/models/snippet.rb @@ -64,6 +64,10 @@ class Snippet < ActiveRecord::Base file_name end + def sanitized_file_name + file_name.gsub(/[^a-zA-Z0-9_\-\.]+/, '') + end + def mode nil end |