Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
8b8608df
Commit
8b8608df
authored
Oct 28, 2021
by
Doug Stull
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Change whitelist to allowlist
- more inclusive language
parent
59297396
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
6 additions
and
6 deletions
+6
-6
app/controllers/concerns/workhorse_authorization.rb
app/controllers/concerns/workhorse_authorization.rb
+2
-2
ee/app/controllers/projects/requirements_management/requirements_controller.rb
...ojects/requirements_management/requirements_controller.rb
+4
-4
No files found.
app/controllers/concerns/workhorse_authorization.rb
View file @
8b8608df
...
...
@@ -26,7 +26,7 @@ module WorkhorseAuthorization
def
file_is_valid?
(
file
)
return
false
unless
file
.
is_a?
(
::
UploadedFile
)
file_extension_
white
list
.
include?
(
File
.
extname
(
file
.
original_filename
).
downcase
.
delete
(
'.'
))
file_extension_
allow
list
.
include?
(
File
.
extname
(
file
.
original_filename
).
downcase
.
delete
(
'.'
))
end
def
uploader_class
...
...
@@ -37,7 +37,7 @@ module WorkhorseAuthorization
raise
NotImplementedError
end
def
file_extension_
white
list
def
file_extension_
allow
list
ImportExportUploader
::
EXTENSION_ALLOWLIST
end
end
ee/app/controllers/projects/requirements_management/requirements_controller.rb
View file @
8b8608df
...
...
@@ -3,7 +3,7 @@
class
Projects::RequirementsManagement::RequirementsController
<
Projects
::
ApplicationController
include
WorkhorseAuthorization
EXTENSION_
WHITE
LIST
=
%w[csv]
.
map
(
&
:downcase
).
freeze
EXTENSION_
ALLOW
LIST
=
%w[csv]
.
map
(
&
:downcase
).
freeze
before_action
:authorize_read_requirement!
before_action
:authorize_import_access!
,
only:
[
:import_csv
,
:authorize
]
...
...
@@ -44,7 +44,7 @@ class Projects::RequirementsManagement::RequirementsController < Projects::Appli
end
def
invalid_file_message
supported_file_extensions
=
".
#{
EXTENSION_
WHITE
LIST
.
join
(
', .'
)
}
"
supported_file_extensions
=
".
#{
EXTENSION_
ALLOW
LIST
.
join
(
', .'
)
}
"
_
(
"The uploaded file was invalid. Supported file extensions are %{extensions}."
)
%
{
extensions:
supported_file_extensions
}
end
...
...
@@ -56,7 +56,7 @@ class Projects::RequirementsManagement::RequirementsController < Projects::Appli
Gitlab
::
CurrentSettings
.
max_attachment_size
.
megabytes
end
def
file_extension_
white
list
EXTENSION_
WHITE
LIST
def
file_extension_
allow
list
EXTENSION_
ALLOW
LIST
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
