diff options
| author | Hannes Rosenögger <Hannes.Rosenoegger@bva.bund.de> | 2015-02-09 14:35:48 +0100 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-02-16 20:10:15 +0100 |
| commit | 7d5f86f6cbd187e75a6ba164ad6bfd036977dd07 (patch) | |
| tree | 43f9cf4d556b95f73481df0e6f258600b59f5a51 /db | |
| parent | 87b413592499ddcf1149d9e2b580f76a13bf625c (diff) | |
| download | gitlab-ce-7d5f86f6cbd187e75a6ba164ad6bfd036977dd07.tar.gz | |
Fix broken access control and refactor avatar upload
This commit moves the note folder from
/public/uploads/note
to
/uploads/note
and changes the uploader accordingly.
Now it's no longer possible to avoid the access control by modifing the url.
The Avatar upload has been refactored to use an own uploader as well
to cleanly seperate the two upload types.
Diffstat (limited to 'db')
| -rw-r--r-- | db/migrate/20150213111727_move_note_folder.rb | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/db/migrate/20150213111727_move_note_folder.rb b/db/migrate/20150213111727_move_note_folder.rb new file mode 100644 index 00000000000..ca7f87d984f --- /dev/null +++ b/db/migrate/20150213111727_move_note_folder.rb @@ -0,0 +1,19 @@ +class MoveNoteFolder < ActiveRecord::Migration + def up + system( + "if [ -d '#{Rails.root}/public/uploads/note' ]; + then mv #{Rails.root}/public/uploads/note #{Rails.root}/uploads/note; + echo 'note folder has been moved successfully'; + else + echo 'note folder has already been moved or does not exist yet. Nothing to do here.'; fi") + end + + def down + system( + "if [ -d '#{Rails.root}/uploads/note' ]; + then mv #{Rails.root}/uploads/note #{Rails.root}/public/uploads/note; + echo 'note folder has been moved successfully'; + else + echo 'note folder has already been moved or does not exist yet. Nothing to do here.'; fi") + end +end |