diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-04-25 10:38:56 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-04-25 10:38:56 +0000 |
| commit | a101152320d86b74d620be2261b165ae086f1ed6 (patch) | |
| tree | 369ea42d4392065f4828728bfaf868a035368231 /app | |
| parent | ec462ae863735295cc26b06a17a548d33f547aae (diff) | |
| parent | 809792896e449db7d672ce537451760702172640 (diff) | |
| download | gitlab-ce-a101152320d86b74d620be2261b165ae086f1ed6.tar.gz | |
Merge branch 'security-issue_2830-11-10' into '11-10-stable'
Prevent leaking information when issue is moved
See merge request gitlab/gitlabhq!3072
Diffstat (limited to 'app')
| -rw-r--r-- | app/views/projects/issues/show.html.haml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/projects/issues/show.html.haml b/app/views/projects/issues/show.html.haml index 4bf1d8702af..f4d8aab8a88 100644 --- a/app/views/projects/issues/show.html.haml +++ b/app/views/projects/issues/show.html.haml @@ -15,7 +15,7 @@ .issuable-status-box.status-box.status-box-issue-closed{ class: issue_button_visibility(@issue, false) } = sprite_icon('mobile-issue-close', size: 16, css_class: 'd-block d-sm-none') .d-none.d-sm-block - - if @issue.moved? + - if @issue.moved? && can?(current_user, :read_issue, @issue.moved_to) - moved_link_start = "<a href=\"#{issue_path(@issue.moved_to)}\" class=\"text-white text-underline\">".html_safe - moved_link_end = '</a>'.html_safe = s_('IssuableStatus|Closed (%{moved_link_start}moved%{moved_link_end})').html_safe % {moved_link_start: moved_link_start, |