Add public/uploads/tmp to allowed upload paths
What does this MR do?
Adds public/uploads/tmp
directory to allowed upload paths.
Are there points in the code the reviewer needs to double check?
Why was this MR needed?
When direct_upload is enabled and a form file is being uploaded, then workhorse uses public/uploads/tmp
path. If uploads.storage_path
i sset to a different directory, then upload fails because public/uploads/tmp
is not in allowed paths.
Reproducer:
- change
uploads.storage_path
to a custom directory - enable
direct_uploads
- got to group settings and try to upload new avatar
Screenshots (if relevant)
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
API support added -
Tests added for this feature/bug - Conforms to the code review guidelines
-
Has been reviewed by a UX Designer -
Has been reviewed by a Frontend maintainer -
Has been reviewed by a Backend maintainer -
Has been reviewed by a Database specialist
-
-
Conforms to the merge request performance guidelines -
Conforms to the style guides -
Conforms to the database guides -
If you have multiple commits, please combine them into a few logically organized commits by squashing them -
Internationalization required/considered -
End-to-end tests pass ( package-and-qa
manual pipeline job)
What are the relevant issue numbers?
Closes #49585 (closed)
Edited by Kamil Trzciński (Back 2025-01-01)