diff options
author | Robert Speicher <robert@gitlab.com> | 2018-01-05 21:36:18 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-01-16 17:04:51 -0800 |
commit | 791ca43f3f8f12451ee1e70efc90f5d82347af93 (patch) | |
tree | 38408c69a00d1ec5de991a4698ce093b73545517 /lib/gitlab/utils.rb | |
parent | 536a47b4b70df0f2a8438ed0ada7654593fa5cd0 (diff) | |
download | gitlab-ce-791ca43f3f8f12451ee1e70efc90f5d82347af93.tar.gz |
Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook' into 'security-10-3'
Don't allow line breaks on HTTP headers
See merge request gitlab/gitlabhq!2277
(cherry picked from commit 7fc0a6fc096768a5604d6dd24d7d952e53300c82)
073b8f9c Don't allow line breaks on HTTP headers
Diffstat (limited to 'lib/gitlab/utils.rb')
-rw-r--r-- | lib/gitlab/utils.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/gitlab/utils.rb b/lib/gitlab/utils.rb index b3baaf036d8..fa22f0e37b2 100644 --- a/lib/gitlab/utils.rb +++ b/lib/gitlab/utils.rb @@ -27,6 +27,10 @@ module Gitlab .gsub(/(\A-+|-+\z)/, '') end + def remove_line_breaks(str) + str.gsub(/\r?\n/, '') + end + def to_boolean(value) return value if [true, false].include?(value) return true if value =~ /^(true|t|yes|y|1|on)$/i |