An error occurred fetching the project authors.
  1. 31 Jan, 2019 2 commits
  2. 28 Jan, 2019 1 commit
  3. 22 Jan, 2019 1 commit
    • Kamil Trzciński's avatar
      Extract GitLab Pages using RubyZip · 1a8100cf
      Kamil Trzciński authored
      RubyZip allows us to perform strong validation of
      expanded paths where we do extract file.
      
      We introduce the following additional checks
      to extract routines:
      
      1. None of path components can be symlinked,
      2. We drop privileges support for directories,
      3. Symlink source needs to point within the target directory,
         like `public/`,
      4. The symlink source needs to exist ahead of time.
      1a8100cf