Merge branch 'security-stored-xss-for-environments' into 'master'

[master] Stored XSS for Environments Closes #2727 See merge request gitlab/gitlabhq!2594
author: Cindy Pallares <cindy@gitlab.com> 2018-11-28 18:37:12 +0000
committer: Cindy Pallares <cindy@gitlab.com> 2018-11-28 19:07:29 -0500
commit: 4bc6f2e3ac8e6997ebc3b06867049dc38aa6d6e6 (patch)
tree: 8187716680c85065ed8780632408d4ccf897ba50 /db
parent: 1be0174b6aaab1c0cfe86a8b1c91b8ea6fa3db72 (diff)
download: gitlab-ce-4bc6f2e3ac8e6997ebc3b06867049dc38aa6d6e6.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/db/migrate/20181108091549_cleanup_environments_external_url.rb b/db/migrate/20181108091549_cleanup_environments_external_url.rb
new file mode 100644
index 00000000000..8d6c20a4b15
--- /dev/null
+++ b/db/migrate/20181108091549_cleanup_environments_external_url.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class CleanupEnvironmentsExternalUrl < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    update_column_in_batches(:environments, :external_url, nil) do |table, query|
+      query.where(table[:external_url].matches('javascript://%'))
+    end
+  end
+
+  def down
+  end
+end
author	Cindy Pallares <cindy@gitlab.com>	2018-11-28 18:37:12 +0000
committer	Cindy Pallares <cindy@gitlab.com>	2018-11-28 19:07:29 -0500
commit	4bc6f2e3ac8e6997ebc3b06867049dc38aa6d6e6 (patch)
tree	8187716680c85065ed8780632408d4ccf897ba50 /db
parent	1be0174b6aaab1c0cfe86a8b1c91b8ea6fa3db72 (diff)
download	gitlab-ce-4bc6f2e3ac8e6997ebc3b06867049dc38aa6d6e6.tar.gz