Merge branch 'path-disclosure-proj-import-export' into 'security'

Fix for path disclosure in project import/export See merge request !2080
author: DJ Mountney <dj@gitlab.com> 2017-04-05 21:55:19 +0000
committer: DJ Mountney <david@twkie.net> 2017-04-05 21:06:36 -0700
commit: 0d8fba4eece4fa527dd764472c0e05e1f05f8bc4 (patch)
tree: eec4dcee6aa1c637ca11592e56c3019755a5234f /app
parent: 29d8b4ee72c28ade5006f3f1343402782c38b231 (diff)
download: gitlab-ce-0d8fba4eece4fa527dd764472c0e05e1f05f8bc4.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index bd0c2cd661e..6b9e4267281 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -407,7 +407,10 @@ module ProjectsHelper
   def sanitize_repo_path(project, message)
     return '' unless message.present?
 
-    message.strip.gsub(project.repository_storage_path.chomp('/'), "[REPOS PATH]")
+    exports_path = File.join(Settings.shared['path'], 'tmp/project_exports')
+    filtered_message = message.strip.gsub(exports_path, "[REPO EXPORT PATH]")
+
+    filtered_message.gsub(project.repository_storage_path.chomp('/'), "[REPOS PATH]")
   end
 
   def project_feature_options
author	DJ Mountney <dj@gitlab.com>	2017-04-05 21:55:19 +0000
committer	DJ Mountney <david@twkie.net>	2017-04-05 21:06:36 -0700
commit	0d8fba4eece4fa527dd764472c0e05e1f05f8bc4 (patch)
tree	eec4dcee6aa1c637ca11592e56c3019755a5234f /app
parent	29d8b4ee72c28ade5006f3f1343402782c38b231 (diff)
download	gitlab-ce-0d8fba4eece4fa527dd764472c0e05e1f05f8bc4.tar.gz