Fix issue when developers are able to push to protected branch

When that branch contain a '/' in the branch name. Fix for git over HTTP

Fix issue when developers are able to push to protected branch
When that branch contain a '/' in the branch name. Fix for git over HTTP
Dmitriy Zaporozhets
1 parent 551946a3
Showing 1 changed file with 3 additions and 3 deletions Show diff stats
lib/gitlab/backend/grack_auth.rb
@@ -15,7 +15,7 @@ module Grack
       @auth = Request.new(env)
  
       # Need this patch due to the rails mount
-      
+
       # Need this if under RELATIVE_URL_ROOT
       unless Gitlab.config.gitlab.relative_url_root.empty?
         # If website is mounted using relative_url_root need to remove it first
@@ -23,7 +23,7 @@ module Grack
       else
         @env['PATH_INFO'] = @request.path
       end
-      
+
       @env['SCRIPT_NAME'] = ""
  
       auth!
@@ -110,7 +110,7 @@ module Grack
  
       # Need to reset seek point
       @request.body.rewind
-      /refs\/heads\/([\w\.-]+)/n.match(input.force_encoding('ascii-8bit')).to_a.last
+      /refs\/heads\/([\/\w\.-]+)/n.match(input.force_encoding('ascii-8bit')).to_a.last
     end
   end
 end
...	...	@@ -15,7 +15,7 @@ module Grack
15	15	@auth = Request.new(env)
16	16
17	17	# Need this patch due to the rails mount
18		-
	18	+
19	19	# Need this if under RELATIVE_URL_ROOT
20	20	unless Gitlab.config.gitlab.relative_url_root.empty?
21	21	# If website is mounted using relative_url_root need to remove it first
...	...	@@ -23,7 +23,7 @@ module Grack
23	23	else
24	24	@env['PATH_INFO'] = @request.path
25	25	end
26		-
	26	+
27	27	@env['SCRIPT_NAME'] = ""
28	28
29	29	auth!
...	...	@@ -110,7 +110,7 @@ module Grack
110	110
111	111	# Need to reset seek point
112	112	@request.body.rewind
113		- /refs\/heads\/([\w\.-]+)/n.match(input.force_encoding('ascii-8bit')).to_a.last
	113	+ /refs\/heads\/([\/\w\.-]+)/n.match(input.force_encoding('ascii-8bit')).to_a.last
114	114	end
115	115	end
116	116	end
...	...