diff options
author | Ruben Davila <rdavila84@gmail.com> | 2017-01-10 15:18:36 -0500 |
---|---|---|
committer | Ruben Davila <rdavila84@gmail.com> | 2017-01-10 15:20:05 -0500 |
commit | 95674fc14ea6b0f0c34376a699167952215f5702 (patch) | |
tree | 1b481a791e0be3d7b0448f3b2b57e108795eda4e | |
parent | b30a02c7b54c05df5dc67d98f6875c88a617a227 (diff) | |
parent | 404a990141eaab1214857f81d3657996773acbdd (diff) | |
download | gitlab-ce-95674fc14ea6b0f0c34376a699167952215f5702.tar.gz |
Merge commit 'dev/8-13-stable' into 8-13-stable
-rw-r--r-- | CHANGELOG.md | 5 | ||||
-rw-r--r-- | Gemfile | 5 | ||||
-rw-r--r-- | Gemfile.lock | 16 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | vendor/assets/javascripts/jquery.turbolinks.js | 49 |
5 files changed, 63 insertions, 14 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index efc561399d1..2c49f44f849 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ Please view this file on the master branch, on stable branches it's out of date. +## 8.13.11 (2017-01-10) + +- Update the gitlab-markup gem to the version 1.5.1. !8509 +- Updated Turbolinks to mitigate potential XSS attacks. + ## 8.13.10 (2016-12-14) - API: Memoize the current_user so that sudo can work properly. !8017 @@ -101,7 +101,7 @@ gem 'seed-fu', '~> 2.3.5' # Markdown and HTML processing gem 'html-pipeline', '~> 1.11.0' gem 'deckar01-task_list', '1.0.5', require: 'task_list/railtie' -gem 'gitlab-markup', '~> 1.5.0' +gem 'gitlab-markup', '~> 1.5.1' gem 'redcarpet', '~> 3.3.3' gem 'RedCloth', '~> 4.3.2' gem 'rdoc', '~>3.6' @@ -214,8 +214,7 @@ gem 'chronic_duration', '~> 0.10.6' gem 'sass-rails', '~> 5.0.6' gem 'coffee-rails', '~> 4.1.0' gem 'uglifier', '~> 2.7.2' -gem 'turbolinks', '~> 2.5.0' -gem 'jquery-turbolinks', '~> 2.1.0' +gem 'gitlab-turbolinks-classic', '~> 2.5', '>= 2.5.6' gem 'addressable', '~> 2.3.8' gem 'bootstrap-sass', '~> 3.3.0' diff --git a/Gemfile.lock b/Gemfile.lock index 06c381d9c5a..0c052835df1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -282,7 +282,9 @@ GEM diff-lcs (~> 1.1) mime-types (>= 1.16, < 3) posix-spawn (~> 0.3) - gitlab-markup (1.5.0) + gitlab-markup (1.5.1) + gitlab-turbolinks-classic (2.5.6) + coffee-rails gitlab_git (10.7.0) activesupport (~> 4.0) charlock_holmes (~> 0.7.3) @@ -361,9 +363,6 @@ GEM rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - jquery-turbolinks (2.1.0) - railties (>= 3.1.0) - turbolinks jquery-ui-rails (5.0.5) railties (>= 3.2.16) json (1.8.3) @@ -751,8 +750,6 @@ GEM truncato (0.7.8) htmlentities (~> 4.3.1) nokogiri (~> 1.6.1) - turbolinks (2.5.3) - coffee-rails tzinfo (1.2.2) thread_safe (~> 0.1) u2f (0.2.1) @@ -866,7 +863,8 @@ DEPENDENCIES gemojione (~> 3.0) github-linguist (~> 4.7.0) gitlab-flowdock-git-hook (~> 1.0.1) - gitlab-markup (~> 1.5.0) + gitlab-markup (~> 1.5.1) + gitlab-turbolinks-classic (~> 2.5, >= 2.5.6) gitlab_git (~> 10.7.0) gitlab_omniauth-ldap (~> 1.2.1) gollum-lib (~> 4.2) @@ -883,7 +881,6 @@ DEPENDENCIES influxdb (~> 0.2) jquery-atwho-rails (~> 1.3.2) jquery-rails (~> 4.1.0) - jquery-turbolinks (~> 2.1.0) jquery-ui-rails (~> 5.0.0) json-schema (~> 2.6.2) jwt @@ -979,7 +976,6 @@ DEPENDENCIES thin (~> 1.7.0) timecop (~> 0.8.0) truncato (~> 0.7.8) - turbolinks (~> 2.5.0) u2f (~> 0.2.1) uglifier (~> 2.7.2) underscore-rails (~> 1.8.0) @@ -994,4 +990,4 @@ DEPENDENCIES wikicloth (= 0.8.1) BUNDLED WITH - 1.13.5 + 1.13.6 @@ -1 +1 @@ -8.13.10 +8.13.11 diff --git a/vendor/assets/javascripts/jquery.turbolinks.js b/vendor/assets/javascripts/jquery.turbolinks.js new file mode 100644 index 00000000000..fd6e95e75d5 --- /dev/null +++ b/vendor/assets/javascripts/jquery.turbolinks.js @@ -0,0 +1,49 @@ +// Generated by CoffeeScript 1.7.1 + +/* +jQuery.Turbolinks ~ https://github.com/kossnocorp/jquery.turbolinks +jQuery plugin for drop-in fix binded events problem caused by Turbolinks + +The MIT License +Copyright (c) 2012-2013 Sasha Koss & Rico Sta. Cruz + */ + +(function() { + var $, $document; + + $ = window.jQuery || (typeof require === "function" ? require('jquery') : void 0); + + $document = $(document); + + $.turbo = { + version: '2.1.0', + isReady: false, + use: function(load, fetch) { + return $document.off('.turbo').on("" + load + ".turbo", this.onLoad).on("" + fetch + ".turbo", this.onFetch); + }, + addCallback: function(callback) { + if ($.turbo.isReady) { + callback($); + } + return $document.on('turbo:ready', function() { + return callback($); + }); + }, + onLoad: function() { + $.turbo.isReady = true; + return $document.trigger('turbo:ready'); + }, + onFetch: function() { + return $.turbo.isReady = false; + }, + register: function() { + $(this.onLoad); + return $.fn.ready = this.addCallback; + } + }; + + $.turbo.register(); + + $.turbo.use('page:load', 'page:fetch'); + +}).call(this); |