GitLab steht wegen Wartungsarbeiten am Montag, den 10. Mai, zwischen 17:00 und 19:00 Uhr nicht zur Verfügung.

Commit edd05fc4 authored by Douwe Maan's avatar Douwe Maan

Fix directory traversal vulnerability around help pages.

parent 93133f4d
......@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 7.10.0 (unreleased)
- Fix directory traversal vulnerability around uploads routes.
- Fix directory traversal vulnerability around help pages.
- Fix broken file browsing with a submodule that contains a relative link (Stan Hu)
- Fix bug where Wiki pages that included a '/' were no longer accessible (Stan Hu)
- Fix bug where error messages from Dropzone would not be displayed on the issues page (Stan Hu)
......
......@@ -3,7 +3,7 @@ def index
end
def show
@filepath = params[:filepath]
@filepath = clean_path_info(params[:filepath])
@format = params[:format]
respond_to do |format|
......@@ -36,4 +36,22 @@ def send_file_data
def ui
end
# Taken from ActionDispatch::FileHandler
PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact)
def clean_path_info(path_info)
parts = path_info.split PATH_SEPS
clean = []
parts.each do |part|
next if part.empty? || part == '.'
part == '..' ? clean.pop : clean << part
end
clean.unshift '/' if parts.empty? || parts.first.empty?
::File.join(*clean)
end
end
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment