Commit aad45011 authored by Jacob Vosmaer

Merge branch 'stable-xss-fix' into '7-2-stable'

Stable xss fix

See merge request !1048
parents dc42aae3 ac24a5a3
...@@ -29,12 +29,10 @@ class Projects::RawController < Projects::ApplicationController ...@@ -29,12 +29,10 @@ class Projects::RawController < Projects::ApplicationController
private private
def get_blob_type def get_blob_type
if @blob.mime_type =~ /html|javascript/ if @blob.text?
'text/plain; charset=utf-8' 'text/plain; charset=utf-8'
elsif @blob.name =~ /(?:msi|exe|rar|r0\d|7z|7zip|zip)$/
'application/octet-stream'
else else
@blob.mime_type 'application/octet-stream'
end end
end end
end end
......
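Review bot: `get_blob_type` carries no comment saying that its two fixed return values are a security boundary, so a later edit could reintroduce `@blob.mime_type` and with it the XSS this merge is titled as fixing. I would add above the `if`: `# Never echo the blob's own MIME type: raw files are repository-controlled and must not be served as active content on this origin.` The hunk does not show how the response is sent, so it is worth confirming that the send path also sets `X-Content-Type-Options: nosniff`. Without that header, some browsers may content-sniff a `text/plain` body and still render it as HTML. A regression test asserting that an HTML or SVG blob is never served with its own type would pin the behaviour.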