summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add to label :id to responseissue_15673Alfredo Sumaran2016-05-031-1/+1
|
* Update CHANGELOG for 8.6.8, 8.5.12, et al.Robert Speicher2016-05-021-1/+56
| | | | [ci skip]
* Merge remote-tracking branch 'dev/master' into 'master'Robert Speicher2016-05-0245-316/+906
|\
| * Merge branch 'rs-notes-privilege-escalation' into 'master' Robert Speicher2016-04-262-10/+42
| |\ | | | | | | | | | | | | | | | | | | Prevent privilege escalation via notes API Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15577 See merge request !1964
| | * Prevent privilege escalation via notes APIRobert Speicher2016-04-262-10/+42
| |/ | | | | | | Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15577
| * Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhqMarin Jankovski2016-04-2643-306/+864
| |\
| | * Merge branch '15579-filter-milestone-confidential-issues-api' into 'master' Robert Speicher2016-04-262-2/+39
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | Prevent information disclosure via milestone API Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15579 See merge request !1961
| | | * Improve Milestones API specsRémy Coutable2016-04-252-38/+27
| | | | | | | | | | | | | | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
| | | * Filter confidential issues from milestones API if user does not have accessStan Hu2016-04-253-2/+50
| | | | | | | | | | | | | | | | Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15579
| | * | Merge branch '15591-fix-project-leak-in-new-mr-view' into 'master' Robert Speicher2016-04-252-0/+13
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevent information disclosure via new merge request page Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15591. See merge request !1963
| | | * | Prevent private project name and namespace from leaking in the new MR viewRémy Coutable2016-04-252-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #15591. Signed-off-by: Rémy Coutable <remy@rymai.me>
| | * | | Merge branch 'fix-impersonation-issue' into 'master' Robert Speicher2016-04-259-69/+188
| | |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevent privilege escalation via "impersonate" feature Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15548 See merge request !1956
| | | * | | Store original user in variableDouwe Maan2016-04-221-2/+2
| | | | | |
| | | * | | Remove unused methodDouwe Maan2016-04-221-4/+0
| | | | | |
| | | * | | Fix typoDouwe Maan2016-04-221-1/+1
| | | | | |
| | | * | | Fix issue with impersonationDouwe Maan2016-04-229-69/+192
| | | | | |
| | * | | | Merge branch 'fix-private-snippet-api' into 'master' Robert Speicher2016-04-254-7/+99
| | |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevent information disclosure via snippet API Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15580 See merge request !1958
| | | * | | | Prevent private snippets in public/internal projects from being leaked via APIStan Hu2016-04-254-7/+99
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15580
| | * | | | | Merge branch '15437-fix-xss-in-issue-tracker-service' into 'master' Robert Speicher2016-04-2526-228/+525
| | |\ \ \ \ \ | | | |_|_|/ / | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevent XSS via custom issue tracker URL Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/15437 See merge request !1955
| | | * | | | Ensure URL in all Service subclasses are validRémy Coutable2016-04-2526-228/+525
| | |/ / / / | | | | | | | | | | | | | | | | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* | | | | | Merge branch 'support-notifications-on-project-snippets' into 'master' Robert Speicher2016-05-026-16/+69
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support e-mail notifications for comments on project snippets While working with project snippets recently, I noticed that notifications would not be sent out for comments on notes. This MR fixes this. Note: I'm not completely sure why `ProjectSnippets#participants` returns an empty array if you don't include the concern that is already in `Snippets` but didn't dig into it any more. Closes #2334 See merge request !3987
| * | | | | | Support e-mail notifications for comments on project snippetsStan Hu2016-05-026-16/+69
|/ / / / / / | | | | | | | | | | | | | | | | | | Closes #2334
* | | | | | Merge branch '15527-fix-wiki-page-creation-issue' into 'master' Robert Speicher2016-05-025-3/+132
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix error when trying to create a wiki page Closes #15527, #15569, #15623, #15630, #15637, #15653, #15870, #16558, #16875, #16987, #17016, https://github.com/gitlabhq/gitlabhq/issues/10317. See merge request !3924
| * | | | | | Simplify specs by not over-expecting15527-fix-wiki-page-creation-issueRémy Coutable2016-05-023-29/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
| * | | | | | Fix error when trying to create a wiki pageRémy Coutable2016-04-295-4/+139
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes #15527. Signed-off-by: Rémy Coutable <remy@rymai.me>
* | | | | | | Merge branch 'improve-session-expiry' into 'master' Robert Speicher2016-05-021-1/+1
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix "remember me" sign in option Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/4006 Prior to this change, 'remember me' was effectively always on because the `_gitlab_session` cookie was always made persistent. With this change it becomes possible again to have `_gitlab_session`be a session cookie when 'remember me' is unchecked. See merge request !4004
| * | | | | | | Fix "remember me" sign in optionJacob Vosmaer2016-05-021-1/+1
| | | | | | | |
* | | | | | | | Merge branch 'fix-changelog' into 'master' Robert Speicher2016-05-021-1/+0
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove duplicate entry in the CHANGELOG [ci skip] See merge request !4002
| * | | | | | | | Remove duplicate entry in the CHANGELOGDmitriy Zaporozhets2016-05-021-1/+0
| |/ / / / / / /
* | | | | | | | Merge branch 'feature/backport-safewebhooks' into 'master' Robert Speicher2016-05-0212-31/+89
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Backported minimal safewebhook implementation to GitLab CE This brings a minimal implementation for gitlab-org/gitlab-ce#13478 backported from EE (gitlab-org/gitlab-ee!334). Also added UI to configure Secret Token Fixes #15365. See merge request !3940
| * | | | | | | Added UI to define secret_token for webhook and systemhookfeature/backport-safewebhooksGabriel Mazetto2016-05-024-6/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Codestyle changes to easy EE merge
| * | | | | | | Backported minimal safewebhook implementation to GitLab CEGabriel Mazetto2016-04-308-25/+58
| | | | | | | |
* | | | | | | | Merge branch 'fix-github-oauth-instructions' into 'master' Achilleas Pipinellis2016-05-011-1/+3
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the GitHub Omniauth instructions Technically the screenshot is also out of date, but I honestly don't care enough to go through the effort of making a sample application, taking a screenshot, etc. See merge request !3976
| * | | | | | | | Fix the GitHub Omniauth instructionsAlex Jordan2016-04-281-1/+3
| | | | | | | | |
* | | | | | | | | Merge branch 'fix/handle-issue-move-access' into 'master' Robert Speicher2016-04-302-0/+41
|\ \ \ \ \ \ \ \ \ | |_|/ / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Handle issue move access instead of raising error Closes #15533 See merge request !3990
| * | | | | | | | Handle issue move access instead of raising errorfix/handle-issue-move-accessGrzegorz Bizon2016-04-302-0/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes #15533
* | | | | | | | | Merge branch 'add-parameters' into 'master' Robert Speicher2016-04-301-1/+24
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add more parameters to the filter_parameters config. Adds Sentry DSN, Webhooks, Deploy Keys, etc. Alphabetized the parameters and included line breaks between each parameter. Easier to merge into EE if there are any differences. This also seems to be the more popular syntax for adding new parameters, from what I can find. In the future we may want to [increase the specificity of some of these](http://blog.bigbinary.com/2016/03/07/parameter-filtering-enhacement-rails-5.html) once Rails 5 is out. e.g. instead of `:hook`, `"hook.url"` would be just as effective without removing potentially useful information from the logs. cc: @stanhu See merge request !3971
| * | | | | | | | | Add more parameters to the filter_parameters config.Connor Shea2016-04-291-1/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds Sentry DSN, Webhooks, Deploy Keys, etc. Alphabetized the parameters and included line breaks between each parameter. Easier to merge into EE if there are any differences. This also seems to be the more popular syntax for adding new parameters, from what I can find.
* | | | | | | | | | Merge branch 'check-protected-branches' into 'master' Robert Speicher2016-04-293-10/+23
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cleaned up/tweaked Project#open_branches See commit c825404572040a3a45cb9e2b3d3e7d64900f66c9 for the details of the changes and https://gitlab.com/gitlab-org/gitlab-ce/issues/14280#note_4973648 for more information. See merge request !3985
| * | | | | | | | | | Tweak checking branches in Project#open_branchesYorick Peterse2016-04-292-9/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes 4 things: 1. Project#protected_branches_names has been renamed to Project#protected_branch_names. 2. Project#open_branches uses a Set for the branch names as checking values in a Set is faster than checking values in a (large) Array. 3. Some redundant code in Project#open_branches has been removed. 4. Project#protected_branch_names now uses #pluck instead of #map, removing the need for loading entire DB records into memory.
| * | | | | | | | | | Use a query in Project#protected_branch?Yorick Peterse2016-04-292-1/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes Project#protected_branch? to use a query to check if a branch is protected, instead of loading all ProtectedBranch records into memory just to check if the list of names includes a given branch name.
* | | | | | | | | | | Merge branch 'fix-docs-links' into 'master' Drew Blessing2016-04-293-3/+3
|\ \ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix some broken links in the documentation [ci skip] cc: @dblessing @axil See merge request !3982
| * | | | | | | | | | Fix some broken links in the documentation [ci skip]Connor Shea2016-04-293-3/+3
|/ / / / / / / / / /
* | | | | | | | | | Merge branch 'upgrade-doorkeeper' into 'master' Robert Speicher2016-04-292-3/+3
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade Doorkeeper from 2.2.2 to 3.1.0 I’d rather upgrade one major version at a time, so Doorkeeper needs to be upgraded to 3.x before it can be upgraded to 4.x (which includes Rails 5 support). Changelog: https://github.com/doorkeeper-gem/doorkeeper/blob/master/NEWS.md#310 Working toward #14286. See merge request !3644
| * | | | | | | | | | Upgrade Doorkeeper from 2.2.2 to 3.1.0connorshea2016-04-282-3/+3
| |/ / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I’d rather upgrade one major version at a time, so Doorkeeper needs to be upgraded to 3.x before it can be upgraded to 4.x (which includes Rails 5 support). Changelog: https://github.com/doorkeeper-gem/doorkeeper/blob/master/NEWS.md#310
* | | | | | | | | | Merge branch 'sentry-filter' into 'master' Robert Speicher2016-04-291-0/+3
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevent Rails filtered parameters from leaking to Sentry. As described in their Docs: https://docs.getsentry.com/on-premise/clients/ruby/integrations/rails/ See merge request !3974
| * | | | | | | | | | Prevent Rails filtered parameters from leaking to Sentry.Connor Shea2016-04-281-0/+3
| |/ / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As described in their Docs: https://docs.getsentry.com/on-premise/clients/ruby/integrations/rails/
* | | | | | | | | | Merge branch 'dz-small-ui-fixes' into 'master' Jacob Schatz2016-04-294-20/+24
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move modal css to separate file and fix danger text for confirmation modal * in help file I found css for modal that affect whole application -> moved to separate file * fixed ugly confirmation message when remove project Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> See merge request !3979
| * | | | | | | | | | Move modal css to separate file and fix danger text for confirmation modalDmitriy Zaporozhets2016-04-294-20/+24
| | |_|_|/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | | | | | | | | | Merge branch 'duplicate-label-dropdown' into 'master' Jacob Schatz2016-04-293-2/+68
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removes duplicates from the label dropdown It concats the duplicate labels into a single label in the dropdown with the color being a gradient of the differnet colors being concatted. I liked your idea @jschatz1 of using a standard icon color. However, with this i've taken all the duplicated colors & made a little gradient with them so it still half resembles the label colors (this has been limited to 4 or it could get crazy!) ![Screen_Shot_2016-04-28_at_10.35.04](/uploads/41f45f3f92f971e7f38df7a98765cb9d/Screen_Shot_2016-04-28_at_10.35.04.png) Closes #16555, #14820 See merge request !3963
View Lorry Controller Status