Add latest changes from gitlab-org/gitlab@13-2-stable-ee

5 files changed, 16 insertions, 3 deletions

diff --git a/lib/banzai/filter/label_reference_filter.rb b/lib/banzai/filter/label_reference_filter.rb
index 7cda4699ae6..2ab88620df1 100644
--- a/lib/banzai/filter/label_reference_filter.rb
+++ b/lib/banzai/filter/label_reference_filter.rb
@@ -119,3 +119,5 @@ module Banzai
     end
   end
 end
+
+Banzai::Filter::LabelReferenceFilter.prepend_if_ee('EE::Banzai::Filter::LabelReferenceFilter')
diff --git a/lib/banzai/filter/reference_filter.rb b/lib/banzai/filter/reference_filter.rb
index 9032ca6ddc6..33df1d655fd 100644
--- a/lib/banzai/filter/reference_filter.rb
+++ b/lib/banzai/filter/reference_filter.rb
@@ -55,7 +55,6 @@ module Banzai
         attributes[:reference_type] ||= self.class.reference_type
         attributes[:container] ||= 'body'
         attributes[:placement] ||= 'top'
-        attributes[:html] ||= 'true'
         attributes.delete(:original) if context[:no_original_data]
         attributes.map do |key, value|
           %Q(data-#{key.to_s.dasherize}="#{escape_once(value)}")
diff --git a/lib/gitlab/base_doorkeeper_controller.rb b/lib/gitlab/base_doorkeeper_controller.rb
index b78993aba30..0f370850b5b 100644
--- a/lib/gitlab/base_doorkeeper_controller.rb
+++ b/lib/gitlab/base_doorkeeper_controller.rb
@@ -5,6 +5,8 @@
 module Gitlab
   class BaseDoorkeeperController < ActionController::Base
     include Gitlab::Allowable
+    include EnforcesTwoFactorAuthentication
+
     helper_method :can?
   end
 end
diff --git a/lib/gitlab/checks/branch_check.rb b/lib/gitlab/checks/branch_check.rb
index 7be0ef05a49..ad2a718ef67 100644
--- a/lib/gitlab/checks/branch_check.rb
+++ b/lib/gitlab/checks/branch_check.rb
@@ -12,7 +12,8 @@ module Gitlab
         push_protected_branch: 'You are not allowed to push code to protected branches on this project.',
         create_protected_branch: 'You are not allowed to create protected branches on this project.',
         invalid_commit_create_protected_branch: 'You can only use an existing protected branch ref as the basis of a new protected branch.',
-        non_web_create_protected_branch: 'You can only create protected branches using the web interface and API.'
+        non_web_create_protected_branch: 'You can only create protected branches using the web interface and API.',
+        prohibited_hex_branch_name: 'You cannot create a branch with a 40-character hexadecimal branch name.'
       }.freeze
 
       LOG_MESSAGES = {
@@ -32,11 +33,20 @@ module Gitlab
           end
         end
 
+        prohibited_branch_checks
         protected_branch_checks
       end
 
       private
 
+      def prohibited_branch_checks
+        return unless Feature.enabled?(:prohibit_hexadecimal_branch_names, project, default_enabled: true)
+
+        if branch_name =~ /\A\h{40}\z/
+          raise GitAccess::ForbiddenError, ERROR_MESSAGES[:prohibited_hex_branch_name]
+        end
+      end
+
       def protected_branch_checks
         logger.log_timed(LOG_MESSAGES[:protected_branch_checks]) do
           return unless ProtectedBranch.protected?(project, branch_name) # rubocop:disable Cop/AvoidReturnFromBlocks
diff --git a/lib/gitlab/markdown_cache.rb b/lib/gitlab/markdown_cache.rb
index 21797bf988d..ac3492dbe33 100644
--- a/lib/gitlab/markdown_cache.rb
+++ b/lib/gitlab/markdown_cache.rb
@@ -3,7 +3,7 @@
 module Gitlab
   module MarkdownCache
     # Increment this number every time the renderer changes its output
-    CACHE_COMMONMARK_VERSION        = 23
+    CACHE_COMMONMARK_VERSION        = 24
     CACHE_COMMONMARK_VERSION_START  = 10
 
     BaseError = Class.new(StandardError)