• Oswaldo Ferreira's avatar
    Avoid exposing unaccessible repo data upon GFM processing · 4daf3dc0
    Oswaldo Ferreira authored
    When post-processing relative links to absolute links
    RelativeLinkFilter didn't take into consideration that
    internal repository data could be exposed for users
    that do not have repository access to the project.
    
    This commit solves that by checking whether the user
    can `download_code` at this repository, avoiding any
    processing of this filter if the user can't.
    
    Additionally, if we're processing for a group (
    no project was given), we check if the user can
    read it in order to expand the href as an extra.
    That doesn't seem necessarily a breach now,
    but an extra check doesn't hurt as after all
    the user needs to be able to `read_group`.
    4daf3dc0
security-exposed-default-branch.yml 112 Bytes