Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-09-29 13:02:17 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-09-29 13:02:17 +0000
commit: 6f10ecdeb6d8636ce7c9fb6cf7930f1a543f58df (patch)
tree: 959df42c10bab01d1bc81c87ea1ed8f9d3e4e98f /lib/api
parent: 003d8b5eac3aa173a7061b82d84ffaf28e8024f6 (diff)
download: gitlab-ce-6f10ecdeb6d8636ce7c9fb6cf7930f1a543f58df.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index a92d904be84..34e0b528ced 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -89,6 +89,10 @@ module API
           Gitlab::AppLogger.info({ message: "File exceeds maximum size", file_bytes: file.size, project_id: user_project.id, project_path: user_project.full_path, upload_allowed: allowed })
         end
       end
+
+      def check_import_by_url_is_enabled
+        forbidden! unless Gitlab::CurrentSettings.import_sources&.include?('git')
+      end
     end
 
     helpers do
@@ -267,6 +271,7 @@ module API
         attrs = declared_params(include_missing: false)
         attrs = translate_params_for_compatibility(attrs)
         filter_attributes_using_license!(attrs)
+        check_import_by_url_is_enabled if params[:import_url].present?
         project = ::Projects::CreateService.new(current_user, attrs).execute
 
         if project.saved?
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-09-29 13:02:17 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-09-29 13:02:17 +0000
commit	6f10ecdeb6d8636ce7c9fb6cf7930f1a543f58df (patch)
tree	959df42c10bab01d1bc81c87ea1ed8f9d3e4e98f /lib/api
parent	003d8b5eac3aa173a7061b82d84ffaf28e8024f6 (diff)
download	gitlab-ce-6f10ecdeb6d8636ce7c9fb6cf7930f1a543f58df.tar.gz