New upstream version 12.6.4

Sruthi Chandran 2020-01-14 00:54:23 +05:30
parent b4802bbd4a
commit 54d8419492
4 changed files with 23 additions and 6 deletions


@ -2,9 +2,15 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 12.6.4
### Security (1 change)
- Fix private objects exposure when using Project Import functionality.
## 12.6.3 ## 12.6.3
- No changes.
### Security (1 change) ### Security (1 change)
- Upgrade json-jwt to v1.11.0. !22440 - Upgrade json-jwt to v1.11.0. !22440


@ -1 +1 @@
12.6.3 12.6.4


@ -3,8 +3,8 @@
module Gitlab module Gitlab
module ImportExport module ImportExport
class AttributeCleaner class AttributeCleaner
ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id discussion_id] ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id discussion_id custom_attributes]
PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/).freeze PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/, /attributes/).freeze
def self.clean(*args) def self.clean(*args)
new(*args).clean new(*args).clean
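Review bot: The `/attributes/` pattern added to PROHIBITED_REFERENCES is unanchored, unlike its `\Z`-anchored neighbours, and `custom_attributes` is exempted by exact name in ALLOWED_REFERENCES, yet neither constant says why. The spec in this commit suggests the breadth is deliberate (its fixture treats `some_attributes_metadata` and `variables_attributes` as keys to drop), so a comment above the constants should record that, e.g. `# Any key containing "attributes" is rejected so nested-attribute hashes from an import archive are not passed on; custom_attributes is the only exemption.` Because this is a denylist applied to data from an untrusted import file, the same comment could state that any further exemption needs a security review. The class body continues outside the hunk, so how the two lists are combined in `clean` is not visible here.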


@ -25,11 +25,21 @@ describe Gitlab::ImportExport::AttributeCleaner do
'legit_html' => '<p>legit html</p>', 'legit_html' => '<p>legit html</p>',
'_html' => '<p>perfectly ordinary html</p>', '_html' => '<p>perfectly ordinary html</p>',
'cached_markdown_version' => 12345, 'cached_markdown_version' => 12345,
'custom_attributes' => 'whatever',
'some_attributes_metadata' => 'whatever',
'group_id' => 99, 'group_id' => 99,
'commit_id' => 99, 'commit_id' => 99,
'issue_ids' => [1, 2, 3], 'issue_ids' => [1, 2, 3],
'merge_request_ids' => [1, 2, 3], 'merge_request_ids' => [1, 2, 3],
'note_ids' => [1, 2, 3] 'note_ids' => [1, 2, 3],
'attributes' => {
'issue_ids' => [1, 2, 3],
'merge_request_ids' => [1, 2, 3],
'note_ids' => [1, 2, 3]
},
'variables_attributes' => {
'id' => 1
}
} }
end end
@ -40,7 +50,8 @@ describe Gitlab::ImportExport::AttributeCleaner do
'random_id_in_the_middle' => 99, 'random_id_in_the_middle' => 99,
'notid' => 99, 'notid' => 99,
'group_id' => 99, 'group_id' => 99,
'commit_id' => 99 'commit_id' => 99,
'custom_attributes' => 'whatever'
} }
end end
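Review bot: The allowlisted `custom_attributes` key is exercised only with the scalar `'whatever'`, while the prohibited `attributes` and `variables_attributes` entries added to the same fixture carry hashes. A separate example with an entry such as `'custom_attributes' => { 'id' => 1 }` and an explicit expectation would pin down what the cleaner does when the exempted key holds nested data from an import file. The fixture hashes begin outside these hunks, so the expectation that compares them is not visible here.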