Commit 5c5a5992 authored by Rémy Coutable

Merge branch 'sh-ignore-arrays-url-sanitizer' into 'master'

Only allow strings in URL::Sanitizer.valid?

Closes #55079

See merge request gitlab-org/gitlab-ce!23675
parents 5f8a3302 401be1d1
---
title: Only allow strings in URL::Sanitizer.valid?
merge_request: 23675
author:
type: fixed
...@@ -14,6 +14,7 @@ module Gitlab ...@@ -14,6 +14,7 @@ module Gitlab
def self.valid?(url) def self.valid?(url)
return false unless url.present? return false unless url.present?
return false unless url.is_a?(String)
uri = Addressable::URI.parse(url.strip) uri = Addressable::URI.parse(url.strip)
......
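Review bot: The new `return false unless url.is_a?(String)` guard carries no comment saying how a non-String reaches `valid?`, so a later cleanup could drop it as redundant with the `present?` check above it. A one-line comment would keep the intent, for example `# Non-String input (e.g. an Array, presumably from a request parameter) must be rejected before url.strip is called`. The two guards could also be merged with the type check first, `return false unless url.is_a?(String) && url.present?`, so that no method is called on the value before its type is known. The body of `valid?` continues outside the visible hunk.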
...@@ -41,6 +41,7 @@ describe Gitlab::UrlSanitizer do ...@@ -41,6 +41,7 @@ describe Gitlab::UrlSanitizer do
false | '123://invalid:url' false | '123://invalid:url'
false | 'valid@project:url.git' false | 'valid@project:url.git'
false | 'valid:pass@project:url.git' false | 'valid:pass@project:url.git'
false | %w(test array)
true | 'ssh://example.com' true | 'ssh://example.com'
true | 'ssh://:@example.com' true | 'ssh://:@example.com'
true | 'ssh://foo@example.com' true | 'ssh://foo@example.com'
......
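Review bot: The added row `false | %w(test array)` exercises only an Array, while the guard in `valid?` rejects every non-String. One more row with a different type, such as `false | 123`, would pin the check to the type rather than to arrays; a Hash case would be worth covering too if the table syntax allows it. The table starts and ends outside the visible hunk, so such rows may already exist there.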