diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-29 13:02:17 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-29 13:02:17 +0000 |
commit | 6f10ecdeb6d8636ce7c9fb6cf7930f1a543f58df (patch) | |
tree | 959df42c10bab01d1bc81c87ea1ed8f9d3e4e98f /lib/api | |
parent | 003d8b5eac3aa173a7061b82d84ffaf28e8024f6 (diff) | |
download | gitlab-ce-6f10ecdeb6d8636ce7c9fb6cf7930f1a543f58df.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/projects.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb index a92d904be84..34e0b528ced 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -89,6 +89,10 @@ module API Gitlab::AppLogger.info({ message: "File exceeds maximum size", file_bytes: file.size, project_id: user_project.id, project_path: user_project.full_path, upload_allowed: allowed }) end end + + def check_import_by_url_is_enabled + forbidden! unless Gitlab::CurrentSettings.import_sources&.include?('git') + end end helpers do @@ -267,6 +271,7 @@ module API attrs = declared_params(include_missing: false) attrs = translate_params_for_compatibility(attrs) filter_attributes_using_license!(attrs) + check_import_by_url_is_enabled if params[:import_url].present? project = ::Projects::CreateService.new(current_user, attrs).execute if project.saved? |