| Commit message (Collapse) | Author | Age | Files | Lines |

Adding parenthetical about guest users not being able to view private
projects.

Fix broken master because of security merge
Closes #65294
See merge request gitlab-org/gitlab-ce!31252

Update Rugged to 0.28.2
See merge request gitlab-org/gitlab-ce!31218

This is a bug fix release:
https://github.com/libgit2/libgit2/releases

Change qa-merge-request-settings to rspec-merge-request-settings
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31207

Change qa-* class references to js-* for suggestions
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31213

Change qa-* class references to js-* for squash-checkbox
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31214

Change qa-reverse-sort class references to rspec-reverse-sort
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31202

Change qa-* class references to rspec-* in spec/features/contextual_sidebar_spec.rb
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31211

spec/features/contextual_sidebar_spec.rb

Change qa-issuable-form-description to rspec-issuable-form-description
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31209

Change qa-full-name to rspec-full-name
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31206

Change qa-* class references to rspec-* for repository settings
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31210

Change qa-create-page-button to rspec-create-page-button
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31204

Change qa-* to rspec-* for save-merge-request-changes
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31205

Change qa-* class references to rspec-* for `allowed-to-{push|merge}-dropdown`
Closes gitlab-org/quality/team-tasks#182
See merge request gitlab-org/gitlab-ce!31203

Create index on environments by state
See merge request gitlab-org/gitlab-ce!31231

Make pdf.js render CJK characters
Closes #62152
See merge request gitlab-org/gitlab-ce!31220

As mentioned in
https://github.com/wojtekmaj/react-pdf/blob/master/README.md,
pdf.js needs the bundled cMaps files to work.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62152

Migrations for adding issue_id to versions table (CE)
See merge request gitlab-org/gitlab-ce!30765

These migrations do the following:
- Adds a new `issue_id` column to `versions`. This fixes an n+1 problem
when loading versions for an issue in GraphQL as AR can now load from
cache
- Change the unique restraint on versions.sha to be scoped to `issue_id`
as in order to import version data, we need to allow duplicate `sha`
values for versions
- Update all versions with an `issue_id`
https://gitlab.com/gitlab-org/gitlab-ee/issues/11090

[ci skip]

[ci skip]

Extract SanitizeNodeLink and apply to WikiLinkFilter
See merge request gitlab/gitlabhq!3143

The SanitizationFilter was running before the WikiFilter. Since
WikiFilter can modify links, we could see links that _should_ be stopped
by SanitizationFilter being rendered on the page. I (kerrizor) had
previously addressed the bug in: https://gitlab.com/gitlab-org/gitlab-ee/commit/7bc971915bbeadb950bb0e1f13510bf3038229a4
However, an additional exploit was discovered after that was merged.
Working through the issue, we couldn't simply shuffle the order of
filters, due to some implicit assumptions about the order of filters, so
instead we've extracted the logic that sanitizes a Nokogiri-generated
Node object, and applied it to the WikiLinkFilter as well.
On moving filters around:
Once we start moving around filters, we get cascading failures; fix one,
another one crops up. Many of the existing filters in the WikiPipeline
chain seem to assume that other filters have already done their work,
and thus operate on a "transform anything that's left" basis;
WikiFilter, for instance, assumes any link it finds in the markdown
should be prepended with the wiki_base_path, but if it does that, it
also turns `href="@user"` into `href="/path/to/wiki/@user"`, which the
UserReferenceFilter doesn't see as a user reference it needs to
transform into a user profile link. This is true for all the reference
filters in the WikiPipeline.

Don't display badges when builds are restricted
Closes #2864
See merge request gitlab/gitlabhq!3175

Badges were leaked to unauthorized users even when the Public Builds
project setting is disabled.
Added guard clause to the controller to check if user can read
build.

Do not allow localhost url redirection in GitHub Integration
See merge request gitlab/gitlabhq!3188

Drop feature to take ownership of a trigger token
Closes #2868
See merge request gitlab/gitlabhq!3198

Removing API and frontend interactions that allowed
users to take ownership of a trigger token.
Removed mentions from the documentation.

MR pipeline permissions
Closes #2871
See merge request gitlab/gitlabhq!3204

MergeRequest#all_pipelines
MergeRequest#all_pipelines fetches Ci::Pipeline records from the source
project, so we should specifically check that project for permissions.
This was already happening for intra-project merge requests, but in the
event that the target and source projects both have private builds, we
should ensure that the project permissions are respected.

Server Side Request Forgery mitigation bypass
Closes #2872
See merge request gitlab/gitlabhq!3205

When we can't resolve the hostname or it is invalid, we shouldn't
even perform the request. This fix also fixes the problem of the
SSRF rebinding attack.
We can't stub feature flags outside example blocks. Nevertheless,
there are some actions that call the UrlBlocker that are performed
outside example blocks, i.e. the `set` instruction.
That's why we have to use some signaling mechanism outside the scope
of the specs.

Queries for Upload should be scoped by model
See merge request gitlab/gitlabhq!3229