Commit c161065e authored Apr 22, 2016 by Jacob Vosmaer

Don't mess up our parent controller

parent 9add3fbb

Showing 2 changed files with 28 additions and 30 deletions

app/controllers/projects/application_controller.rb +7 -19
app/controllers/projects/git_http_controller.rb +21 -11
app/controllers/projects/application_controller.rb
...
...
@@ -10,6 +10,9 @@ class Projects::ApplicationController < ApplicationController
def
project
unless
@project
namespace
=
params
[
:namespace_id
]
id
=
params
[
:project_id
]
||
params
[
:id
]
# Redirect from
# localhost/group/project.git
# to
...
...
@@ -20,11 +23,12 @@ class Projects::ApplicationController < ApplicationController
return
end
@project
=
find_project
project_path
=
"
#{
namespace
}
/
#{
id
}
"
@project
=
Project
.
find_with_namespace
(
project_path
)
if
@project
&&
can?
(
current_user
,
:read_project
,
@project
)
if
@project
.
path_with_namespace
!=
p
ath_with_namespace
redirect_to
request
.
original_url
.
gsub
(
p
ath_with_namespace
,
@project
.
path_with_namespace
)
if
@project
.
path_with_namespace
!=
p
roject_path
redirect_to
request
.
original_url
.
gsub
(
p
roject_path
,
@project
.
path_with_namespace
)
end
else
@project
=
nil
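Review bot: The redirect in this hunk rewrites the URL with request.original_url.gsub(project_path, @project.path_with_namespace), and gsub replaces every occurrence of project_path anywhere in the full URL, including the host and the query string, not only the path segment that named the project. project_path is interpolated from params[:namespace_id] and params[:project_id] || params[:id], so the string being substituted is request-controlled. Consider building the redirect target from the request path alone, or at minimum replacing only the leading path segment, in line with the "only remove the suffix from the end" caution this same commit adds in git_http_controller.rb.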
...
...
@@ -40,22 +44,6 @@ class Projects::ApplicationController < ApplicationController
@project
end
def
id
params
[
:project_id
]
||
params
[
:id
]
end
def
namespace
params
[
:namespace_id
]
end
def
path_with_namespace
"
#{
namespace
}
/
#{
id
}
"
end
def
find_project
Project
.
find_with_namespace
(
path_with_namespace
)
end
def
repository
@repository
||=
project
.
repository
end
...
...
app/controllers/projects/git_http_controller.rb
...
...
@@ -119,27 +119,37 @@ class Projects::GitHttpController < Projects::ApplicationController
def
project
return
@project
if
defined?
(
@project
)
@project
=
find_project
project_id
,
_
=
project_id_with_suffix
if
project_id
.
blank?
@project
=
nil
else
@project
=
Project
.
find_with_namespace
(
"
#{
params
[
:namespace_id
]
}
/
#{
project_id
}
"
)
end
end
def
id
id
=
params
[
:project_id
]
return
if
id
.
nil?
# This method returns two values so that we can parse
# params[:project_id] (untrusted input!) in exactly one place.
def
project_id_with_suffix
id
=
params
[
:project_id
]
||
''
%w{.wiki.git .git}
.
each
do
|
suffix
|
# Be careful to only remove the suffix from the end of 'id'.
# Accidentally removing it from the middle is how security
# vulnerabilities happen!
return
id
.
slice
(
0
,
id
.
length
-
suffix
.
length
)
if
id
.
end_with?
(
suffix
)
if
id
.
end_with?
(
suffix
)
# Be careful to only remove the suffix from the end of 'id'.
# Accidentally removing it from the middle is how security
# vulnerabilities happen!
return
[
id
.
slice
(
0
,
id
.
length
-
suffix
.
length
),
suffix
]
end
end
#
No valid id was found
.
nil
#
Something is wrong with params[:project_id]; do not pass it on
.
[
nil
,
nil
]
end
def
repository
@repository
||=
begin
if
params
[
:project_id
].
end_with?
(
'.wiki.git'
)
_
,
suffix
=
project_id_with_suffix
if
suffix
==
'.wiki.git'
project
.
wiki
.
repository
else
project
.
repository
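Review bot: In project_id_with_suffix, the list %w{.wiki.git .git} is order-sensitive and nothing in the code says so: '.wiki.git' also ends with '.git', so if the entries were ever reordered, a wiki request would be split into an id ending in '.wiki' plus the suffix '.git', and repository would take the project.repository branch instead of project.wiki.repository. Add a comment on the list stating that the longer suffix must come first, or sort the suffixes by length before iterating. Separately, repository still calls project.repository in its else branch when the suffix is nil, which is the case where project returns nil, so it relies on callers having checked project first; a guard or a comment there would make that dependency explicit.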
...
...