diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-06-26 21:40:27 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-06-26 21:40:27 +0000 |
| commit | 009c0afaed0de77c9667fa28518c668308a1409d (patch) | |
| tree | c97ed68a2e7d4725eb37eda437cc5a2a08fea042 /app | |
| parent | 55bb6eed16f293318ba2684de42fb4299e622d61 (diff) | |
| parent | 30b9b275522f2da80388e5f5a2187fe21d435c3a (diff) | |
| download | gitlab-ce-009c0afaed0de77c9667fa28518c668308a1409d.tar.gz | |
Merge branch 'security-2858-fix-color-validation-11-11' into '11-11-stable'
Fix color validation regex causing DoS
See merge request gitlab/gitlabhq!3177
Diffstat (limited to 'app')
| -rw-r--r-- | app/validators/color_validator.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/validators/color_validator.rb b/app/validators/color_validator.rb index 1932d042e83..974dfbbf394 100644 --- a/app/validators/color_validator.rb +++ b/app/validators/color_validator.rb @@ -12,7 +12,7 @@ # end # class ColorValidator < ActiveModel::EachValidator - PATTERN = /\A\#[0-9A-Fa-f]{3}{1,2}+\Z/.freeze + PATTERN = /\A\#(?:[0-9A-Fa-f]{3}){1,2}\Z/.freeze def validate_each(record, attribute, value) unless value =~ PATTERN |