Merge branch 'fix/import-url-validator' into 'master'

Fixing URL validation for import_url on projects

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17536

This MR fixes problems related to bypassing `import_url` validation on projects. This makes sure the URL is properly validated so we don't enter crap and fail while running workers that handle this URL.

It also adds a migration to fix current invalid `import_url`s

See merge request !4753

1 files changed, 9 insertions, 1 deletions

diff --git a/lib/gitlab/url_sanitizer.rb b/lib/gitlab/url_sanitizer.rb
index 7d02fe3c971..86ed18fb50d 100644
--- a/lib/gitlab/url_sanitizer.rb
+++ b/lib/gitlab/url_sanitizer.rb
@@ -6,8 +6,16 @@ module Gitlab
       content.gsub(regexp) { |url| new(url).masked_url }
     end
 
+    def self.valid?(url)
+      Addressable::URI.parse(url.strip)
+
+      true
+    rescue Addressable::URI::InvalidURIError
+      false
+    end
+
     def initialize(url, credentials: nil)
-      @url = Addressable::URI.parse(url)
+      @url = Addressable::URI.parse(url.strip)
       @credentials = credentials
     end