Add FileUploader.root to allowed upload paths

Jan Provaznik requested to merge jprovazn-upload-symlink into master

What does this MR do?

Currently we check if the uploaded file is under Gitlab.config.uploads.storage_path; the problem is that uploads are placed in the uploads subdirectory, which is a symlink.

In the allow_path? method we check real (expanded) paths, which causes Gitlab.config.uploads.storage_path to be expanded into the symlink path, and there is a mismatch with the upload file path.

By adding Gitlab.config.uploads.storage_path/uploads into the allowed paths, this path is expanded during the path check.

Gitlab.config.uploads.storage_path is left there intentionally in case some uploader wouldn't use the uploads subdir.

No test is included for this change (this is just about including the symlink dir); there is not much logic to test in this.

Are there points in the code the reviewer needs to double check?

Why was this MR needed?

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes gitlab-qa#291 (closed)

Edited by Kamil Trzciński
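
The mismatch described in this merge request can be reproduced in isolation. The following is an added example, not code from the merge request or from GitLab: path_allowed? is a hypothetical, simplified stand-in for an allowlist check that compares real paths, and the directory layout (a storage path whose uploads entry is a symlink to a directory elsewhere) is constructed in a temporary directory.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical stand-in for a real-path allowlist check: the candidate file
# and every allowed directory are resolved with File.realpath, so symlinks
# are expanded on both sides before the prefix comparison.
def path_allowed?(file_path, allowed_paths)
  real_file = File.realpath(file_path)
  allowed_paths.any? do |dir|
    next false unless File.exist?(dir)
    real_dir = File.realpath(dir)
    # Compare on a directory boundary so "/a/up" does not match "/a/uploads".
    real_file.start_with?(real_dir + File::SEPARATOR)
  end
end

# Constructed layout: <storage_path>/uploads is a symlink to a directory
# that lives outside <storage_path>.
def demo
  Dir.mktmpdir do |tmp|
    storage_path = File.join(tmp, "public")
    shared = File.join(tmp, "shared", "uploads")
    FileUtils.mkdir_p([storage_path, shared])
    File.symlink(shared, File.join(storage_path, "uploads"))

    upload = File.join(storage_path, "uploads", "avatar.png")
    File.write(upload, "constructed sample")
    outside = File.join(tmp, "other.txt")
    File.write(outside, "constructed sample")

    before = [storage_path]
    after  = [storage_path, File.join(storage_path, "uploads")]
    {
      # Real path of the upload is under shared/uploads, not under public/.
      before: path_allowed?(upload, before),
      # The symlinked entry resolves to shared/uploads, so the prefix matches.
      after: path_allowed?(upload, after),
      # A file outside both directories is still rejected.
      outside_after: path_allowed?(outside, after)
    }
  end
end
```

Because the added allowlist entry is resolved through the symlink, the check follows wherever that symlink points at the time of the call.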