diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-03 00:20:18 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-03 00:20:18 +0000 |
| commit | 475d5a7a176dcb87bd1fb8d55883ad2b3b2a7955 (patch) | |
| tree | 93a6467c8d82d26468ce3dcebef5a7838c5a974b /lib/gitlab/utils.rb | |
| parent | bd091da6d5cb036cf3c58d4ba5671f931c8381e1 (diff) | |
| download | gitlab-ce-475d5a7a176dcb87bd1fb8d55883ad2b3b2a7955.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/utils.rb')
| -rw-r--r-- | lib/gitlab/utils.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/gitlab/utils.rb b/lib/gitlab/utils.rb index 608545baf74..a337fcc43c4 100644 --- a/lib/gitlab/utils.rb +++ b/lib/gitlab/utils.rb @@ -37,6 +37,13 @@ module Gitlab raise StandardError, "path #{path} is not allowed" end + def check_allowed_absolute_path_and_path_traversal!(path, path_allowlist) + traversal_path = check_path_traversal!(path) + raise StandardError, "path is not a string!" unless traversal_path.is_a?(String) + + check_allowed_absolute_path!(traversal_path, path_allowlist) + end + def decode_path(encoded_path) decoded = CGI.unescape(encoded_path) if decoded != CGI.unescape(decoded) |