Unverified commit a4ef6934, authored by Alessio Caiazza

Validate URI scheme also for internal URI

This is a backport for 11.4 stable branch.

Gitlab::UrlBlocker ignores scheme when validating URI matching either
config.gitlab or config.gitlab_shell

This patch enforces matching config.gitlab.protocol for internal web and
ssh for internal shell.

A cleanup migration for stored XSS from environments table is included.
parent 40030677
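
The behaviour the commit message describes, as an added Ruby example (not GitLab's code and not part of this commit): an internal-host shortcut that skips the scheme check, next to a version that requires the configured protocol for internal web and ssh for internal shell. The host, ports, scheme allow-list and all method names are assumptions made for illustration.

```ruby
require 'uri'

# Constructed settings standing in for config.gitlab and config.gitlab_shell.
INTERNAL_WEB    = { protocol: 'https', host: 'gitlab.example.com', port: 443 }.freeze
INTERNAL_SHELL  = { host: 'gitlab.example.com', port: 22 }.freeze
# Assumed allow-list applied to URLs that are not internal.
ALLOWED_SCHEMES = %w[http https ssh git].freeze

def same_endpoint?(uri, cfg)
  uri.host.to_s.casecmp?(cfg[:host]) && uri.port == cfg[:port]
end

# Before: a host/port match on an internal endpoint returns early,
# so the scheme of the URL is never looked at.
def allowed_before?(url)
  uri = URI.parse(url)
  return true if same_endpoint?(uri, INTERNAL_WEB) || same_endpoint?(uri, INTERNAL_SHELL)
  ALLOWED_SCHEMES.include?(uri.scheme)
rescue URI::InvalidURIError
  false
end

# After: the internal shortcut only applies when the scheme matches too.
def internal_web?(uri)
  uri.scheme == INTERNAL_WEB[:protocol] && same_endpoint?(uri, INTERNAL_WEB)
end

def internal_shell?(uri)
  uri.scheme == 'ssh' && same_endpoint?(uri, INTERNAL_SHELL)
end

def allowed_after?(url)
  uri = URI.parse(url)
  return true if internal_web?(uri) || internal_shell?(uri)
  ALLOWED_SCHEMES.include?(uri.scheme)
rescue URI::InvalidURIError
  false
end

if __FILE__ == $0
  # Constructed sample URLs; "foo" stands for any scheme outside the allow-list.
  %w[https://gitlab.example.com/group/project
     ssh://git@gitlab.example.com:22/group/project.git
     foo://gitlab.example.com:443/x].each do |u|
    puts format('%-52s before=%-5s after=%s', u, allowed_before?(u), allowed_after?(u))
  end
end
```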