summaryrefslogtreecommitdiff
path: root/lib/uploaded_file.rb
diff options
context:
space:
mode:
authorJan Provaznik <jprovaznik@gitlab.com>2018-07-07 19:30:16 +0200
committerJan Provaznik <jprovaznik@gitlab.com>2018-07-08 10:43:57 +0200
commite2ec97a92e6393dd0adeed39c77ff2b4eba0aed9 (patch)
tree972840ffe1bb8787b27d2d5b837b64d606d1b5a7 /lib/uploaded_file.rb
parent96eb6fd33b5dfc4910d8bd93e697d6b6eb70b991 (diff)
downloadgitlab-ce-e2ec97a92e6393dd0adeed39c77ff2b4eba0aed9.tar.gz
Add FileUploader.root to allowed upload paths
Currently we check if uploaded file is under `Gitlab.config.uploads.storage_path`, the problem is that uploads are placed in `uploads` subdirectory which is symlink. In allow_path? method we check real (expanded) paths, which causes that `Gitlab.config.uploads.storage_path` is expaned into symlink path and there is a mismatch with upload file path. By adding `Gitlab.config.uploads.storage_path/uploads` into allowed paths, this path is expaned during path check. `Gitlab.config.uploads.storage_path` is left there intentionally in case some uploader wouldn't use `uploads` subdir.
Diffstat (limited to 'lib/uploaded_file.rb')
-rw-r--r--lib/uploaded_file.rb5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/uploaded_file.rb b/lib/uploaded_file.rb
index 5dc85b2baea..0172461670b 100644
--- a/lib/uploaded_file.rb
+++ b/lib/uploaded_file.rb
@@ -28,7 +28,7 @@ class UploadedFile
@tempfile = File.new(path, 'rb')
end
- def self.from_params(params, field, upload_path)
+ def self.from_params(params, field, upload_paths)
unless params["#{field}.path"]
raise InvalidPathError, "file is invalid" if params["#{field}.remote_id"]
@@ -37,7 +37,8 @@ class UploadedFile
file_path = File.realpath(params["#{field}.path"])
- unless self.allowed_path?(file_path, [upload_path, Dir.tmpdir].compact)
+ paths = Array.wrap(upload_paths) << Dir.tmpdir
+ unless self.allowed_path?(file_path, paths.compact)
raise InvalidPathError, "insecure path used '#{file_path}'"
end