Commit 9ae2097d authored by Daniel Gerhardt's avatar Daniel Gerhardt

Forbid paths matching the pattern of THM usernames

parent de1947a3
......@@ -53,6 +53,7 @@ class Group < Namespace
validate :visibility_level_allowed_by_sub_groups
validate :visibility_level_allowed_by_parent
validates :variables, variable_duplicates: true
validates :path, format: { without: /\A([a-zA-Z]{4}[0-9]{2}|hg[0-9]+)\z/, message: "must not match the format of THM usernames" }
validates :two_factor_grace_period, presence: true, numericality: { greater_than_or_equal_to: 0 }
......
......@@ -344,6 +344,7 @@ class Project < ActiveRecord::Base
inclusion: { in: ->(_object) { Gitlab.config.repositories.storages.keys } }
validates :variables, variable_duplicates: { scope: :environment_scope }
validates :bfg_object_map, file_size: { maximum: :max_attachment_size }
validates :path, format: { without: /\A([a-zA-Z]{4}[0-9]{2}|hg[0-9]+)\z/, message: "must not match the format of THM usernames" }
# Scopes
scope :pending_delete, -> { where(pending_delete: true) }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment