Prevent xss attack over group name. Added regex validation for group and team name

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-02-18 09:28:18 +0200
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-02-18 09:28:18 +0200
commit: 020078663e401798d199a1a293ac59d990f81dad (patch)
tree: 6a142474a0fdd838b9348d794e680737a44c22e7 /app/models/namespace.rb
parent: cfdf94fc279e45ddbe0bbb94022a7488c663501c (diff)
download: gitlab-ce-020078663e401798d199a1a293ac59d990f81dad.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index 4e157839369..385fa291b48 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -17,11 +17,15 @@ class Namespace < ActiveRecord::Base
   has_many :projects, dependent: :destroy
   belongs_to :owner, class_name: "User"
 
-  validates :name, presence: true, uniqueness: true
+  validates :owner, presence: true
+  validates :name, presence: true, uniqueness: true,
+            length: { within: 0..255 },
+            format: { with: Gitlab::Regex.name_regex,
+                      message: "only letters, digits, spaces & '_' '-' '.' allowed." }
+
   validates :path, uniqueness: true, presence: true, length: { within: 1..255 },
             format: { with: Gitlab::Regex.path_regex,
                       message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
-  validates :owner, presence: true
 
   delegate :name, to: :owner, allow_nil: true, prefix: true
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-02-18 09:28:18 +0200
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-02-18 09:28:18 +0200
commit	020078663e401798d199a1a293ac59d990f81dad (patch)
tree	6a142474a0fdd838b9348d794e680737a44c22e7 /app/models/namespace.rb
parent	cfdf94fc279e45ddbe0bbb94022a7488c663501c (diff)
download	gitlab-ce-020078663e401798d199a1a293ac59d990f81dad.tar.gz