authorRuben Davila <rdavila84@gmail.com>2017-01-10 15:18:36 -0500
committerRuben Davila <rdavila84@gmail.com>2017-01-10 15:20:05 -0500
commit95674fc14ea6b0f0c34376a699167952215f5702 (patch)
tree1b481a791e0be3d7b0448f3b2b57e108795eda4e
parentb30a02c7b54c05df5dc67d98f6875c88a617a227 (diff)
parent404a990141eaab1214857f81d3657996773acbdd (diff)
downloadgitlab-ce-95674fc14ea6b0f0c34376a699167952215f5702.tar.gz
Merge commit 'dev/8-13-stable' into 8-13-stable
-rw-r--r--CHANGELOG.md5
-rw-r--r--Gemfile5
-rw-r--r--Gemfile.lock16
-rw-r--r--VERSION2
-rw-r--r--vendor/assets/javascripts/jquery.turbolinks.js49
5 files changed, 63 insertions, 14 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index efc561399d1..2c49f44f849 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
Please view this file on the master branch, on stable branches it's out of date.
+## 8.13.11 (2017-01-10)
+
+- Update the gitlab-markup gem to the version 1.5.1. !8509
+- Updated Turbolinks to mitigate potential XSS attacks.
+
## 8.13.10 (2016-12-14)
- API: Memoize the current_user so that sudo can work properly. !8017
diff --git a/Gemfile b/Gemfile
index 80621ead8be..c5c51cfdff7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -101,7 +101,7 @@ gem 'seed-fu', '~> 2.3.5'
# Markdown and HTML processing
gem 'html-pipeline', '~> 1.11.0'
gem 'deckar01-task_list', '1.0.5', require: 'task_list/railtie'
-gem 'gitlab-markup', '~> 1.5.0'
+gem 'gitlab-markup', '~> 1.5.1'
gem 'redcarpet', '~> 3.3.3'
gem 'RedCloth', '~> 4.3.2'
gem 'rdoc', '~>3.6'
@@ -214,8 +214,7 @@ gem 'chronic_duration', '~> 0.10.6'
gem 'sass-rails', '~> 5.0.6'
gem 'coffee-rails', '~> 4.1.0'
gem 'uglifier', '~> 2.7.2'
-gem 'turbolinks', '~> 2.5.0'
-gem 'jquery-turbolinks', '~> 2.1.0'
+gem 'gitlab-turbolinks-classic', '~> 2.5', '>= 2.5.6'
gem 'addressable', '~> 2.3.8'
gem 'bootstrap-sass', '~> 3.3.0'
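Review bot: The new `gitlab-turbolinks-classic` line carries what looks like a security floor (`'>= 2.5.6'`), but nothing on the line says so, so a later edit that loosens the constraint would not look risky. Assuming 2.5.6 is the release behind this commit's changelog entry about mitigating potential XSS attacks, a comment above the line would record it: `# Keep >= 2.5.6: carries the Turbolinks XSS mitigation (see CHANGELOG 8.13.11)`. The same hunk drops the `jquery-turbolinks` gem, and the commit adds a 2.1.0 copy of it as `vendor/assets/javascripts/jquery.turbolinks.js`. That copy no longer appears in Gemfile.lock, so gem-based dependency audits will not see it, and its version needs to be tracked by hand.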
diff --git a/Gemfile.lock b/Gemfile.lock
index 06c381d9c5a..0c052835df1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -282,7 +282,9 @@ GEM
diff-lcs (~> 1.1)
mime-types (>= 1.16, < 3)
posix-spawn (~> 0.3)
- gitlab-markup (1.5.0)
+ gitlab-markup (1.5.1)
+ gitlab-turbolinks-classic (2.5.6)
+ coffee-rails
gitlab_git (10.7.0)
activesupport (~> 4.0)
charlock_holmes (~> 0.7.3)
@@ -361,9 +363,6 @@ GEM
rails-dom-testing (>= 1, < 3)
railties (>= 4.2.0)
thor (>= 0.14, < 2.0)
- jquery-turbolinks (2.1.0)
- railties (>= 3.1.0)
- turbolinks
jquery-ui-rails (5.0.5)
railties (>= 3.2.16)
json (1.8.3)
@@ -751,8 +750,6 @@ GEM
truncato (0.7.8)
htmlentities (~> 4.3.1)
nokogiri (~> 1.6.1)
- turbolinks (2.5.3)
- coffee-rails
tzinfo (1.2.2)
thread_safe (~> 0.1)
u2f (0.2.1)
@@ -866,7 +863,8 @@ DEPENDENCIES
gemojione (~> 3.0)
github-linguist (~> 4.7.0)
gitlab-flowdock-git-hook (~> 1.0.1)
- gitlab-markup (~> 1.5.0)
+ gitlab-markup (~> 1.5.1)
+ gitlab-turbolinks-classic (~> 2.5, >= 2.5.6)
gitlab_git (~> 10.7.0)
gitlab_omniauth-ldap (~> 1.2.1)
gollum-lib (~> 4.2)
@@ -883,7 +881,6 @@ DEPENDENCIES
influxdb (~> 0.2)
jquery-atwho-rails (~> 1.3.2)
jquery-rails (~> 4.1.0)
- jquery-turbolinks (~> 2.1.0)
jquery-ui-rails (~> 5.0.0)
json-schema (~> 2.6.2)
jwt
@@ -979,7 +976,6 @@ DEPENDENCIES
thin (~> 1.7.0)
timecop (~> 0.8.0)
truncato (~> 0.7.8)
- turbolinks (~> 2.5.0)
u2f (~> 0.2.1)
uglifier (~> 2.7.2)
underscore-rails (~> 1.8.0)
@@ -994,4 +990,4 @@ DEPENDENCIES
wikicloth (= 0.8.1)
BUNDLED WITH
- 1.13.5
+ 1.13.6
diff --git a/VERSION b/VERSION
index 3c1350b628f..3b08e80e2ab 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-8.13.10
+8.13.11
diff --git a/vendor/assets/javascripts/jquery.turbolinks.js b/vendor/assets/javascripts/jquery.turbolinks.js
new file mode 100644
index 00000000000..fd6e95e75d5
--- /dev/null
+++ b/vendor/assets/javascripts/jquery.turbolinks.js
@@ -0,0 +1,49 @@
+// Generated by CoffeeScript 1.7.1
+
+/*
+jQuery.Turbolinks ~ https://github.com/kossnocorp/jquery.turbolinks
+jQuery plugin for drop-in fix binded events problem caused by Turbolinks
+
+The MIT License
+Copyright (c) 2012-2013 Sasha Koss & Rico Sta. Cruz
+ */
+
+(function() {
+ var $, $document;
+
+ $ = window.jQuery || (typeof require === "function" ? require('jquery') : void 0);
+
+ $document = $(document);
+
+ $.turbo = {
+ version: '2.1.0',
+ isReady: false,
+ use: function(load, fetch) {
+ return $document.off('.turbo').on("" + load + ".turbo", this.onLoad).on("" + fetch + ".turbo", this.onFetch);
+ },
+ addCallback: function(callback) {
+ if ($.turbo.isReady) {
+ callback($);
+ }
+ return $document.on('turbo:ready', function() {
+ return callback($);
+ });
+ },
+ onLoad: function() {
+ $.turbo.isReady = true;
+ return $document.trigger('turbo:ready');
+ },
+ onFetch: function() {
+ return $.turbo.isReady = false;
+ },
+ register: function() {
+ $(this.onLoad);
+ return $.fn.ready = this.addCallback;
+ }
+ };
+
+ $.turbo.register();
+
+ $.turbo.use('page:load', 'page:fetch');
+
+}).call(this);