diff options
| author | Douwe Maan <douwe@gitlab.com> | 2015-08-18 16:45:10 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-08-18 16:45:10 +0000 |
| commit | 91fa82d11f6346fecbcf4ec3754aa22cb2aad502 (patch) | |
| tree | 6c9df8ff6f4983007436344226f787bd3b12e02a | |
| parent | 204914983a015170ea1ca4cf6040c04d9a1ec1d9 (diff) | |
| parent | a42c548a8d4cc9b8d8d3f50cc7593f0a92e3cfac (diff) | |
| download | gitlab-ce-91fa82d11f6346fecbcf4ec3754aa22cb2aad502.tar.gz | |
Merge branch 'rs-help-path-traversal' into 'master'
Fix path traversal in HelpController
Closes #2543
See merge request !1922
| -rw-r--r-- | app/controllers/help_controller.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index 8a45dc8860d..71831c5380d 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb @@ -10,7 +10,8 @@ class HelpController < ApplicationController respond_to do |format| format.any(:markdown, :md, :html) do - path = Rails.root.join('doc', @category, "#{@file}.md") + # Note: We are purposefully NOT using `Rails.root.join` + path = File.join(Rails.root, 'doc', @category, "#{@file}.md") if File.exist?(path) @markdown = File.read(path) @@ -24,7 +25,8 @@ class HelpController < ApplicationController # Allow access to images in the doc folder format.any(:png, :gif, :jpeg) do - path = Rails.root.join('doc', @category, "#{@file}.#{params[:format]}") + # Note: We are purposefully NOT using `Rails.root.join` + path = File.join(Rails.root, 'doc', @category, "#{@file}.#{params[:format]}") if File.exist?(path) send_file(path, disposition: 'inline') |