author | Douwe Maan <douwe@gitlab.com> | 2016-11-01 20:18:51 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-11-09 12:25:17 +0100 |
commit | bf061d0aff091a73611037b811cea2d3380962f4 (patch) | |
tree | 11294b9f8d9b321f597c268bd4846ffd5b99f6e9 /app/policies | |
parent | 79d94b167999544086db235602a9213a2d37831e (diff) | |
download | gitlab-ce-bf061d0aff091a73611037b811cea2d3380962f4.tar.gz |
Merge branch 'issue_23548_dev' into 'master'
disable markdown in comments when referencing disabled features
fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548
This MR prevents the following references when tool is disabled:
- issues
- snippets
- commits - when repo is disabled
- commit range - when repo is disabled
- milestones
This MR does not prevent references to repository files, since they are just markdown links and don't leak
information.
See merge request !2011
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/issue_policy.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/policies/issue_policy.rb b/app/policies/issue_policy.rb index 52fa33bc4b0..88f3179c6ff 100644 --- a/app/policies/issue_policy.rb +++ b/app/policies/issue_policy.rb @@ -1,4 +1,8 @@ class IssuePolicy < IssuablePolicy + # This class duplicates the same check of Issue#readable_by? for performance reasons + # Make sure to sync this class checks with issue.rb to avoid security problems. + # Check commit 002ad215818450d2cbbc5fa065850a953dc7ada8 for more information. + def issue @subject end |
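Review bot: The comment added above `def issue` asks future editors to keep this class in sync with `Issue#readable_by?` by hand, and nothing in this hunk enforces that. Since the comment itself says drift leads to security problems, consider a spec that runs both checks over the same set of users and issues and fails when they disagree, and name that spec in the comment. The diffstat shown here is limited to app/policies, so if `issue.rb` has no matching comment pointing back to this class, add one there, because someone editing `readable_by?` will not see this note. Minor wording: "this class checks" should read "this class's checks", and a one-line summary of what commit 002ad215818450d2cbbc5fa065850a953dc7ada8 changed would spare readers a lookup.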