stable
Clone or download
Read-only
Currrently once the a file has been uploaded once on the instance all the checks are bypassed and the file can be added to any repository without needing to upload it again. While this save bandwith and save the uploader some time, it also means that a malicious user can get access to any objects available on the instance as soon as it knows the object ID. This is part of story #12322: have git-lfs batch and basic transfer API Change-Id: I8fcb78da8d7f298c6a2d7a2a0eeef94145442379
Modified Files
| Name | ||||
|---|---|---|---|---|
| M | plugins/gitlfs/include/LFSObject/LFSObjectPathAllocator.php | +4 | −4 | Go to diff View file |
| M | plugins/gitlfs/include/LFSObject/LFSObjectRetriever.php | +8 | −0 | Go to diff View file |
| M | plugins/gitlfs/include/Transfer/Basic/LFSBasicTransferObjectSaver.php | +14 | −10 | Go to diff View file |
| M | plugins/gitlfs/include/Transfer/Basic/LFSBasicTransferUploadController.php | +1 | −0 | Go to diff View file |
| M | plugins/gitlfs/include/Transfer/LFSTransferVerifier.php | +17 | −3 | Go to diff View file |
| M | plugins/gitlfs/phpunit/LFSObject/LFSObjectRetrieverTest.php | +23 | −0 | Go to diff View file |
| M | plugins/gitlfs/phpunit/Transfer/Basic/LFSBasicTransferObjectSaverTest.php | +18 | −10 | Go to diff View file |
| M | plugins/gitlfs/phpunit/Transfer/LFSTransferVerifierTest.php | +23 | −0 | Go to diff View file |