Download as
Browse Code »

Commit 995e656addd588377fbf8ae6f9e04dee37ebc604

Authored by Dmitriy Zaporozhets
1 parent 8f52501e
Exists in master and in 4 other branches 6-8-stable, 7-0-stable, 7-0-stable-spb, spb-stable

Add path blacklist

Showing 4 changed files with 13 additions and 9 deletions   Show diff stats
app/models/namespace.rb
  Diff comments   View file @995e656
@@ -27,6 +27,7 @@ class Namespace < ActiveRecord::Base @@ -27,6 +27,7 @@ class Namespace < ActiveRecord::Base
27 message: "only letters, digits, spaces & '_' '-' '.' allowed." } 27 message: "only letters, digits, spaces & '_' '-' '.' allowed." }
28 validates :description, length: { within: 0..255 } 28 validates :description, length: { within: 0..255 }
29 validates :path, uniqueness: true, presence: true, length: { within: 1..255 }, 29 validates :path, uniqueness: true, presence: true, length: { within: 1..255 },
  30 + exclusion: { in: Gitlab::Blacklist.path },
30 format: { with: Gitlab::Regex.path_regex, 31 format: { with: Gitlab::Regex.path_regex,
31 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" } 32 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
32 33
app/models/project.rb
  Diff comments   View file @995e656
@@ -79,6 +79,7 @@ class Project < ActiveRecord::Base @@ -79,6 +79,7 @@ class Project < ActiveRecord::Base
79 format: { with: Gitlab::Regex.project_name_regex, 79 format: { with: Gitlab::Regex.project_name_regex,
80 message: "only letters, digits, spaces & '_' '-' '.' allowed. Letter should be first" } 80 message: "only letters, digits, spaces & '_' '-' '.' allowed. Letter should be first" }
81 validates :path, presence: true, length: { within: 0..255 }, 81 validates :path, presence: true, length: { within: 0..255 },
  82 + exclusion: { in: Gitlab::Blacklist.path },
82 format: { with: Gitlab::Regex.path_regex, 83 format: { with: Gitlab::Regex.path_regex,
83 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" } 84 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
84 validates :issues_enabled, :wall_enabled, :merge_requests_enabled, 85 validates :issues_enabled, :wall_enabled, :merge_requests_enabled,
@@ -92,7 +93,7 @@ class Project < ActiveRecord::Base @@ -92,7 +93,7 @@ class Project < ActiveRecord::Base
92 format: { with: URI::regexp(%w(http https)), message: "should be a valid url" }, 93 format: { with: URI::regexp(%w(http https)), message: "should be a valid url" },
93 if: :import? 94 if: :import?
94 95
95 - validate :check_limit, :repo_name 96 + validate :check_limit
96 97
97 # Scopes 98 # Scopes
98 scope :without_user, ->(user) { where("projects.id NOT IN (:ids)", ids: user.authorized_projects.map(&:id) ) } 99 scope :without_user, ->(user) { where("projects.id NOT IN (:ids)", ids: user.authorized_projects.map(&:id) ) }
@@ -166,14 +167,6 @@ class Project < ActiveRecord::Base @@ -166,14 +167,6 @@ class Project < ActiveRecord::Base
166 errors[:base] << ("Can't check your ability to create project") 167 errors[:base] << ("Can't check your ability to create project")
167 end 168 end
168 169
169 - def repo_name  
170 - denied_paths = %w(admin dashboard groups help profile projects search)  
171 -  
172 - if denied_paths.include?(path)  
173 - errors.add(:path, "like #{path} is not allowed")  
174 - end  
175 - end  
176 -  
177 def to_param 170 def to_param
178 if namespace 171 if namespace
179 namespace.path + "/" + path 172 namespace.path + "/" + path
app/models/user.rb
  Diff comments   View file @995e656
@@ -104,6 +104,7 @@ class User &lt; ActiveRecord::Base @@ -104,6 +104,7 @@ class User &lt; ActiveRecord::Base
104 validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider} 104 validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider}
105 validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0} 105 validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0}
106 validates :username, presence: true, uniqueness: true, 106 validates :username, presence: true, uniqueness: true,
  107 + exclusion: { in: Gitlab::Blacklist.path },
107 format: { with: Gitlab::Regex.username_regex, 108 format: { with: Gitlab::Regex.username_regex,
108 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" } 109 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
109 110
lib/gitlab/blacklist.rb 0 → 100644
  Diff comments   View file @995e656
@@ -0,0 +1,9 @@ @@ -0,0 +1,9 @@
  1 +module Gitlab
  2 + module Blacklist
  3 + extend self
  4 +
  5 + def path
  6 + %w(admin dashboard groups help profile projects search public assets u s teams merge_requests issues users snippets )
  7 + end
  8 + end
  9 +end