author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-30 04:47:13 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-30 04:47:32 +0000 |
commit | 1f6654659564013b8aa4f3572158cb63d3a519c1 (patch) | |
tree | 0db2ae38308cb4ce7c7f33bfc670e228ea2be1e7 /app | |
parent | d7437af3f31f388bf59b23a06c9bff5c8c5fd157 (diff) | |
download | gitlab-ce-1f6654659564013b8aa4f3572158cb63d3a519c1.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-6-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/models/ci/build_runner_session.rb | 20 | ||||
-rw-r--r-- | app/models/project.rb | 2 | ||||
-rw-r--r-- | app/models/user.rb | 2 | ||||
-rw-r--r-- | app/policies/packages/policies/group_policy.rb | 2 |
4 files changed, 15 insertions, 11 deletions
diff --git a/app/models/ci/build_runner_session.rb b/app/models/ci/build_runner_session.rb
index c6dbb5d0a43..0f37ce70964 100644
--- a/app/models/ci/build_runner_session.rb
+++ b/app/models/ci/build_runner_session.rb
@@ -13,14 +13,15 @@ module Ci
  belongs_to :build, class_name: 'Ci::Build', inverse_of: :runner_session
  validates :build, presence: true
- validates :url, addressable_url: { schemes: %w(https) }
+ validates :url, public_url: { schemes: %w(https) }
  def terminal_specification
- wss_url = Gitlab::UrlHelpers.as_wss(self.url)
+ wss_url = Gitlab::UrlHelpers.as_wss(Addressable::URI.escape(self.url))
  return {} unless wss_url.present?
- wss_url = "#{wss_url}/exec"
- channel_specification(wss_url, TERMINAL_SUBPROTOCOL)
+ parsed_wss_url = URI.parse(wss_url)
+ parsed_wss_url.path += '/exec'
+ channel_specification(parsed_wss_url, TERMINAL_SUBPROTOCOL)
  end
  def service_specification(service: nil, path: nil, port: nil, subprotocols: nil)
@@ -28,20 +29,21 @@ module Ci
  port = port.presence || DEFAULT_PORT_NAME
  service = service.presence || DEFAULT_SERVICE_NAME
- url = "#{self.url}/proxy/#{service}/#{port}/#{path}"
+ parsed_url = URI.parse(Addressable::URI.escape(self.url))
+ parsed_url.path += "/proxy/#{service}/#{port}/#{path}"
  subprotocols = subprotocols.presence || ::Ci::BuildRunnerSession::TERMINAL_SUBPROTOCOL
- channel_specification(url, subprotocols)
+ channel_specification(parsed_url, subprotocols)
  end
  private
- def channel_specification(url, subprotocol)
- return {} if subprotocol.blank? || url.blank?
+ def channel_specification(parsed_url, subprotocol)
+ return {} if subprotocol.blank? || parsed_url.blank?
  {
  subprotocols: Array(subprotocol),
- url: url,
+ url: Addressable::URI.unescape(parsed_url.to_s),
  headers: { Authorization: [authorization.presence] }.compact,
  ca_pem: certificate.presence
  }
diff --git a/app/models/project.rb b/app/models/project.rb
index a07d4147228..0c4f76fb2b9 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
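Review bot: In `terminal_specification` of app/models/ci/build_runner_session.rb, `URI.parse(wss_url)` can raise `URI::InvalidURIError`, while the guard just above it returns `{}` for an unusable URL, so the method now has two different failure modes. The `public_url` validator only covers rows saved after this change; rows written earlier or with validation skipped may still hold values that the stdlib parser rejects even after `Addressable::URI.escape`. Consider ending the method with `rescue URI::InvalidURIError` followed by `{}`, or document that callers must expect the exception. A short comment on why the URL is escaped before parsing would also help the next reader.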
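Review bot: In `channel_specification` of app/models/ci/build_runner_session.rb, `Addressable::URI.unescape(parsed_url.to_s)` decodes the whole serialized URL, including the `/proxy/#{service}/#{port}/#{path}` suffix that `service_specification` builds from its arguments. The string returned under `url:` is therefore not guaranteed to keep the path and query structure of the `parsed_url` that was just assembled. Whether callers constrain `service`, `port` and `path` is not visible in this hunk, so a comment stating why the final unescape is required, plus a spec that passes percent-encoded `/`, `?` and `#` through `path`, would pin the intended behaviour. Separately, `parsed_url.blank?` is unlikely ever to be true for a `URI` object, since it has no `empty?`, so that half of the guard now only catches `nil`. The closing `end` of `channel_specification` lies outside the hunk.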
@@ -2152,8 +2152,8 @@ class Project < ApplicationRecord
  end
  def after_import
- repository.remove_prohibited_branches
  repository.expire_content_cache
+ repository.remove_prohibited_branches
  wiki.repository.expire_content_cache
  DetectRepositoryLanguagesWorker.perform_async(id)
diff --git a/app/models/user.rb b/app/models/user.rb
index 24f947183a2..b4b8a7ef7ad 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1556,7 +1556,7 @@ class User < ApplicationRecord
  name: name,
  username: username,
  avatar_url: avatar_url(only_path: false),
- email: public_email.presence || _('[REDACTED]')
+ email: webhook_email
  }
  end
diff --git a/app/policies/packages/policies/group_policy.rb b/app/policies/packages/policies/group_policy.rb
index 32dbcb1b65b..d8c20c7a90a 100644
--- a/app/policies/packages/policies/group_policy.rb
+++ b/app/policies/packages/policies/group_policy.rb
@@ -25,3 +25,5 @@ module Packages
  end
  end
  end
+
+Packages::Policies::GroupPolicy.prepend_mod_with('Packages::Policies::GroupPolicy') |
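Review bot: The new statement order in `Project#after_import` (app/models/project.rb) is load-bearing, but nothing in the method says so. Presumably `remove_prohibited_branches` has to run after `repository.expire_content_cache` so that it inspects the freshly imported refs rather than cached branch names. A comment such as `# Expire caches first: remove_prohibited_branches must see the imported branches, not stale cached names` would stop a later tidy-up from swapping the lines back. It is also worth confirming that `remove_prohibited_branches` expires the branch cache itself after deleting; if it does not, the cache refilled during its check may still list the removed branches. `after_import` continues past the end of the hunk.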
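Review bot: With `email: webhook_email` in app/models/user.rb, the redaction fallback (`public_email.presence || _('[REDACTED]')`) is no longer visible where the hash is built, and `webhook_email` is defined outside this diff. Judging by the name, this hash feeds hook payloads that leave the instance, so the contract deserves a comment at the call site, for example `# webhook_email must never expose a non-public address; falls back to a redacted placeholder`. A spec asserting the redacted value for a user without a public email would guard against a later override of `webhook_email` changing that. The enclosing method starts above the hunk.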