summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Removed "unreleased" from 8.7.0 changelogupdate-87-unreleasedYorick Peterse2016-04-221-1/+1
| | | | [ci skip]
* Merge branch 'issue_3799' into 'master' Rémy Coutable2016-04-224-1/+43
|\ | | | | | | | | | | | | | | | | Allow filtering by Owned projects on dashboard page Closes #3799 ![Screen_Shot_2016-04-15_at_9.40.52_PM](/uploads/440498c5647bda282304891307931a02/Screen_Shot_2016-04-15_at_9.40.52_PM.png) See merge request !3762
| * Merge remote-tracking branch 'origin/master' into issue_3799Alfredo Sumaran2016-04-21309-1422/+4992
| |\
| * | Update CHANGELOGAlfredo Sumaran2016-04-211-0/+1
| | |
| * | Do not display filters if user if there's no current_userAlfredo Sumaran2016-04-211-7/+8
| | |
| * | Use compact syntaxAlfredo Sumaran2016-04-211-4/+1
| | |
| * | Add testsAlfredo Sumaran2016-04-181-0/+30
| | |
| * | Remove Spinach featureAlfredo Sumaran2016-04-182-19/+0
| | |
| * | Allow filtering by Owned projectsAlfredo Sumaran2016-04-184-1/+33
| | |
* | | Merge branch 'doc-gh-import-additions' into 'master' Achilleas Pipinellis2016-04-221-5/+9
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Add newest enhancements to GH importer docs [ci skip] See merge request !3867
| * | | Add newest enhancements to GH importer docsAchilleas Pipinellis2016-04-221-5/+9
| | | | | | | | | | | | | | | | [ci skip]
* | | | Merge branch 'confirmation-screen' into 'master' Robert Speicher2016-04-229-4/+64
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Improved email confirmation UX Closes #4228 See merge request !3184
| * | | | Improved confirmation UXconfirmation-screenPhil Hughes2016-04-219-4/+64
| |/ / / | | | | | | | | | | | | Closes #4228
* | | | Merge branch 'doc_note_cherry_pick' into 'master' Achilleas Pipinellis2016-04-221-1/+2
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use new Note styleguide See merge request !3866
| * | | | Use new Note styleguideAchilleas Pipinellis2016-04-221-1/+2
| |/ / / | | | | | | | | | | | | [ci skip]
* | | | Merge branch 'rs-diff_view' into 'master' Rémy Coutable2016-04-225-12/+29
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Always read diff_view setting from the cookie Prior, when the user had their view set to "parallel" and then visited a merge request's changes tab _without_ passing the `view` parameter via query string, the view would be parallel but the `Notes` class was always instantiated with the default value from `diff_view` ("inline"), resulting in broken markup when the form to add a line note was dynamically inserted. The cookie is set whenever the view is changed, so this value should always be up-to-date. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14557 and https://gitlab.com/gitlab-org/gitlab-ce/issues/15285 See merge request !3732
| * | | | Clarify that the diff view setting always comes from the cookiers-diff_viewRobert Speicher2016-04-192-10/+1
| | | | | | | | | | | | | | | | | | | | This invalidates one test, which we've removed.
| * | | | Always read diff_view setting from the cookieRobert Speicher2016-04-143-2/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior, when the user had their view set to "parallel" and then visited a merge request's changes tab _without_ passing the `view` parameter via query string, the view would be parallel but the `Notes` class was always instantiated with the default value from `diff_view` ("inline"), resulting in broken markup when the form to add a line note was dynamically inserted. The cookie is set whenever the view is changed, so this value should always be up-to-date. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14557
* | | | | Merge branch 'fix/private-labels-permissions' into 'master' Grzegorz Bizon2016-04-226-23/+93
|\ \ \ \ \ | |_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix vulnerability that leaks private labels and milestones ## Summary This fixes vulnerability that leaks information about private labels and milestones because of insecure direct object reference in issueable create service. This affects merge requests and issues. See https://gitlab.com/gitlab-org/gitlab-ce/issues/15439 ## Fix This MR introduces additional check that rejects labels and milestone that does not belong to the same project issue/merg request does. ## Further work `IssuableBaseService` may benefit from encapsulating filters in separate class/module, which then may improve coherency in this class. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15439 See merge request !1954
| * | | | Add Changelog entry for private labels security fixGrzegorz Bizon2016-04-221-0/+1
| | | | |
| * | | | Use association search in issuable create serviceGrzegorz Bizon2016-04-222-12/+12
| | | | |
| * | | | Add affinity checks in issue create serviceGrzegorz Bizon2016-04-221-2/+9
| | | | |
| * | | | Update specs to accomodate issuable assign changesGrzegorz Bizon2016-04-224-21/+31
| | | | |
| * | | | Verify label affiliation before assigning to issueGrzegorz Bizon2016-04-222-2/+54
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | This also verify if milestone belongs to correct project before creating a new issue. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15439
* | | | Merge branch 'label-text-color-sidebar' into 'master' Robert Speicher2016-04-213-3/+3
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes text color on labels in sidebar Previously the labels in the sidebar would just have `#FFF` text color which could cause problems with a light background color. With this, the text color comes from the JSON. See merge request !3846
| * | | | Reverted label link helperlabel-text-color-sidebarPhil Hughes2016-04-211-1/+1
| | | | |
| * | | | Reverted link changesPhil Hughes2016-04-212-5/+5
| | | | |
| * | | | Removed console.logPhil Hughes2016-04-211-1/+0
| | | | |
| * | | | Updated testsPhil Hughes2016-04-211-4/+4
| | | | |
| * | | | Fixes text color on labels in sidebarPhil Hughes2016-04-214-5/+6
| | | | |
* | | | | Merge branch '15465-fix-sort-by-due-date' into 'master' Yorick Peterse2016-04-212-3/+14
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Remove the `.distinct` when finding issues See merge request !3858
| * | | | | Remove the `.distinct` when finding issues15465-fix-sort-by-due-dateRémy Coutable2016-04-212-3/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is not needed anymore after !3815. Signed-off-by: Rémy Coutable <remy@rymai.me>
* | | | | | Merge branch 'repository-checks-default-off' into 'master' Yorick Peterse2016-04-214-4/+16
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Disable 'repository check' feature in 8.7.0 See merge request !3856
| * | | | | | Disable 'repository check' feature in 8.7.0Jacob Vosmaer2016-04-214-4/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | It still causes too many false alarms.
* | | | | | | Merge branch 'remove-update-files' into 'master' Yorick Peterse2016-04-215-3/+1
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removed JS update templates See merge request !3814
| * | | | | | | Removed JS update templatesremove-update-filesPhil Hughes2016-04-195-3/+1
| | | | | | | |
* | | | | | | | Merge branch '15413-firefox-line-numbers' into 'master' Jacob Schatz2016-04-211-0/+5
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove float from blame link icon Closes #15413 <img src="/uploads/af6aea9102e1b42e5e92783ce818863c/Screen_Shot_2016-04-21_at_1.57.56_PM.png" width="200px"> See merge request !3861
| * | | | | | | | Remove float from iconAnnabel Dunstone2016-04-211-0/+5
| | |_|_|_|_|_|/ | |/| | | | | |
* | | | | | | | Merge remote-tracking branch 'dev/master' into 'master'Robert Speicher2016-04-213-5/+17
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | |
| * | | | | | | Merge branch 'dev_issue_15331' into 'master' Robert Speicher2016-04-213-5/+17
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes window.opener bug Adds `noreferrer` value to rel attribute for external links REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15331 See merge request !1953
| | * | | | | | | Fix failing specAlfredo Sumaran2016-04-213-4/+16
| | | | | | | | |
| | * | | | | | | Add noreferrer value to rel attribute for external linksAlfredo Sumaran2016-04-201-1/+1
| | | | | | | | |
* | | | | | | | | Merge branch 'doc-updating-gitlab' into 'master' Achilleas Pipinellis2016-04-212-8/+167
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor the update documentation See merge request !3822
| * | | | | | | | | Split into sections, port `downgrade_ee_to_ce` doc from EEdoc-updating-gitlabAchilleas Pipinellis2016-04-212-8/+164
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ci skip]
| * | | | | | | | | Fix links in update READMEAchilleas Pipinellis2016-04-191-5/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ci skip]
* | | | | | | | | | Merge branch 'test-db-migrate' into 'master' Stan Hu2016-04-211-0/+5
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add db:migrate:reset task to CI Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> cc @DouweM @stanhu See merge request !3788
| * | | | | | | | | | Add db:migrate task to CIDmitriy Zaporozhets2016-04-211-0/+5
| | |/ / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | | | | | | | | | Merge branch 'instrument-gitlab-access' into 'master' Rémy Coutable2016-04-212-0/+5
|\ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instrument Gitlab::GitAccess/GitAccessWiki See merge request !3859
| * | | | | | | | | Instrument Gitlab::GitAccess/GitAccessWikiYorick Peterse2016-04-212-0/+5
| | |_|_|_|/ / / / | |/| | | | | | |
* | | | | | | | | Merge branch 'master' of https://gitlab.com/gitlab-org/gitlab-ceRémy Coutable2016-04-219-99/+155
|\ \ \ \ \ \ \ \ \
View Lorry Controller Status