author | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 18:37:12 +0000 |
---|---|---|
committer | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 19:07:29 -0500 |
commit | 4bc6f2e3ac8e6997ebc3b06867049dc38aa6d6e6 (patch) | |
tree | 8187716680c85065ed8780632408d4ccf897ba50 /lib/gitlab/url_blocker.rb | |
parent | 1be0174b6aaab1c0cfe86a8b1c91b8ea6fa3db72 (diff) | |
download | gitlab-ce-4bc6f2e3ac8e6997ebc3b06867049dc38aa6d6e6.tar.gz |
Merge branch 'security-stored-xss-for-environments' into 'master'
[master] Stored XSS for Environments
Closes #2727
See merge request gitlab/gitlabhq!2594
Diffstat (limited to 'lib/gitlab/url_blocker.rb')
-rw-r--r-- | lib/gitlab/url_blocker.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb
index 86efe8ad114..4b1b58d68d8 100644
--- a/lib/gitlab/url_blocker.rb
+++ b/lib/gitlab/url_blocker.rb
@@ -111,12 +111,14 @@ module Gitlab
 end
 def internal_web?(uri)
- uri.hostname == config.gitlab.host &&
+ uri.scheme == config.gitlab.protocol &&
+ uri.hostname == config.gitlab.host &&
 (uri.port.blank? || uri.port == config.gitlab.port)
 end
 def internal_shell?(uri)
- uri.hostname == config.gitlab_shell.ssh_host &&
+ uri.scheme == 'ssh' &&
+ uri.hostname == config.gitlab_shell.ssh_host &&
 (uri.port.blank? || uri.port == config.gitlab_shell.ssh_port)
 end |
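Review bot: In `internal_web?` and `internal_shell?` the unchanged `uri.port.blank?` branch still accepts a URL with no explicit port even when the configured port is not the scheme's default, so the added scheme check tightens the match without closing it completely. If these predicates exempt a URL from the remaining blocker checks (the caller is outside the hunk, so this is an assumption), a portless URL on the GitLab host would count as internal while addressing a different port than `config.gitlab.port`. Consider comparing the effective port instead, e.g. `(uri.port || uri.default_port) == config.gitlab.port`, provided the URI class in use exposes `default_port`. A one-line comment above each predicate, such as `# Scheme must match too: another scheme on the GitLab host is not an internal URL`, would record why the new condition exists.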