delta/gitlab/gitlab-ce.git - gitlab.com: gitlab-org/gitlab-ce.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Update VERSION to 8.13.11v8.13.11	Douglas Barbosa Alexandre	2017-01-10	1	-1/+1
\|
*	Update CHANGELOG.md for 8.13.11	Douglas Barbosa Alexandre	2017-01-10	3	-8/+5
\| \| \|	[ci skip]
*	Merge branch 'patch-turbolinks' into 'security'	Robert Speicher	2017-01-09	4	-9/+57
\| \| \| \| \| \|	Updated Turbolinks to patched version of turbolinks-classic See merge request !2048
*	Merge branch 'update-gitlab-markup-gem' into 'master'	Douglas Barbosa Alexandre	2017-01-09	3	-4/+8
\| \| \| \| \| \|	Update the gitlab-markup gem to the version `1.5.1` See merge request !8509
*	Update VERSION to 8.13.10v8.13.10	Alejandro Rodríguez	2016-12-14	1	-1/+1
\|
*	Update CHANGELOG.md for 8.13.10	Alejandro Rodríguez	2016-12-14	5	-16/+7
\| \| \|	[ci skip]
*	Fix spec	Rémy Coutable	2016-12-14	1	-2/+0
\| \| \| \|	Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Add missing CHANGELOG	Rémy Coutable	2016-12-14	1	-0/+4
\| \| \| \|	Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Filter `authentication_token` parameter	Rémy Coutable	2016-12-14	1	-0/+1
\| \| \| \|	Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Fix specs	Rémy Coutable	2016-12-14	2	-75/+1
\| \| \| \|	Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch 'rs-filter-params' into 'security'	Rémy Coutable	2016-12-14	1	-1/+3
\| \| \| \| \| \| \| \| \| \|	Filter `incoming_email_token` and `runners_token` parameters Closes https://dev.gitlab.org/gitlab/gitlabhq/issues/2676 See merge request !2045 Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch 'jej-24637-move-issue-visible_to_user-to-finder' into 'security'	Sean McGivern	2016-12-14	9	-95/+90
\| \| \| \| \| \| \| \| \| \|	Issue#visible_to_user moved to IssuesFinder Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24637. See merge request !2039 Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch 'jej-note-search-uses-finder' into 'security'	Douwe Maan	2016-12-14	16	-121/+387
\| \| \| \| \| \| \| \|	Fix missing Note access checks in by moving Note#search to updated NoteFinder See merge request !2035 Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch '25482-fix-api-sudo' into 'master'	Sean McGivern	2016-12-14	7	-108/+223
\| \| \| \| \| \| \| \| \| \|	API: Memoize the current_user so that the sudo can work properly Closes #25482 See merge request !8017 Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Update VERSION to 8.13.9v8.13.9	Alejandro Rodríguez	2016-12-08	1	-1/+1
\|
*	Update CHANGELOG.md for 8.13.9	Alejandro Rodríguez	2016-12-08	3	-9/+5
\| \| \|	[ci skip]
*	Merge branch '24537-reenable-private-token-with-sudo' into 'master'	Douwe Maan	2016-12-08	10	-95/+386
\| \| \| \| \| \| \| \| \| \|	Reenables the API /users to return `private-token` when sudo is either a parameter or passed as a header and the user is admin. Closes #24537 See merge request !7615 Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch 'fix-migrations' into 'master'	Sean McGivern	2016-12-08	22	-3/+47
\| \| \| \| \| \| \| \|	Make the `downtime_check` task happy See merge request !7845 Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security'	Douwe Maan	2016-12-07	22	-60/+104
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Replace MR access checks with use of MergeRequestsFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR? :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested ### MR lookup from project - [x] :bomb: app/finders/notes_finder.rb:17 - [x] :warning: app/views/layouts/nav/_project.html.haml:80 [`.count`] - [x] :bomb: app/controllers/concerns/creates_commit.rb:84 - [x] :traffic_light: app/controllers/projects/commits_controller.rb:24 - [x] :traffic_light: app/controllers/projects/compare_controller.rb:56 - [x] :vertical_traffic_light: app/controllers/projects/discussions_controller.rb:29 - [x] :white_check_mark: app/controllers/projects/todos_controller.rb:27 - [x] :vertical_traffic_light: app/models/commit.rb:268 - [x] :white_check_mark: lib/gitlab/search_results.rb:71 ### Previous discussions - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)` - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`. - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use of unchecked `merged_merge_request?` See merge request !2033
*	Update VERSION to 8.13.8v8.13.8	Alejandro Rodríguez	2016-12-02	1	-1/+1
\|
*	Update CHANGELOG.md for 8.13.8	Alejandro Rodríguez	2016-12-02	3	-8/+5
\| \| \|	[ci skip]
*	Merge branch ↵	Sean McGivern	2016-12-02	4	-4/+37
\| \| \| \| \| \| \| \| \| \| \| \|	'24813-project-members-with-developer-access-can-no-longer-create-tags' into 'master' Create tag after running pre-hooks and pass updated SHA to post-hooks Closes #24813 See merge request !7700 Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch 'issue_25064' into 'security'	Douwe Maan	2016-12-02	3	-6/+48
\| \| \| \| \| \| \| \| \|	Ensure state param has a valid value when filtering issuables. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/25064 This fix makes sure we only call safe methods on issuable when filtering by state. See merge request !2038
*	Update VERSION to 8.13.7v8.13.7	Rémy Coutable	2016-11-28	1	-1/+1
\|
*	Update CHANGELOG.md for 8.13.7	Rémy Coutable	2016-11-28	7	-24/+9
\| \| \|	[ci skip]
*	Merge branch 'zj-upgrade-grape' into 'master'	Robert Speicher	2016-11-25	3	-3/+7
\| \| \| \| \| \| \| \|	Update grape-entity to 0.6.0 See merge request !7491 Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch 'jej-use-issuable-finder-instead-of-access-check' into 'security'	Douwe Maan	2016-11-24	14	-33/+97
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Replace issue access checks with use of IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells). - [x] :vertical_traffic_light: app/finders/notes_finder.rb:15 [`visible_to_user`] - [x] :traffic_light: app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`] - [x] :white_check_mark: app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`] - [x] :white_check_mark: lib/api/issues.rb:112 [`visible_to_user`] - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone - [x] :white_check_mark: lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too? - [x] :white_check_mark: lib/gitlab/search_results.rb:53 [`visible_to_user`] - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126 - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87 See merge request !2031 Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch 'jej-fix-missing-access-check-on-issues' into 'security'	Douwe Maan	2016-11-24	17	-23/+62
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Fix missing access checks on issue lookup using IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR? :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested ### Issue lookup without access check (security) - [x] :white_check_mark: app/controllers/projects/branches_controller.rb:39 - `before_action :authorize_push_code!` helpes limit/prevent exploitation. Always checks for reporter access so fine with confidential issues, issues only visible to team, etc. - [x] :traffic_light: app/models/cycle_analytics/summary.rb:9 [`.count`] - [x] :white_check_mark: app/controllers/projects/todos_controller.rb:19 ### Code smells - [x] Potential double render in app/controllers/projects/todos_controller.rb ### Previous discussions - https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24 See merge request !2030
*	Merge branch 'jej-22869' into 'security'	Douwe Maan	2016-11-24	6	-14/+108
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Fix information disclosure in `Projects::BlobController#update` ## What does this MR do? It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that. ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? https://gitlab.com/gitlab-org/gitlab-ce/issues/22869 See merge request !2023 Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch 'zj-fix-label-creation-non-members' into 'security'	Douwe Maan	2016-11-24	9	-102/+99
\| \| \| \| \| \| \|	Fix label creation non members Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23416 See merge request !2006
*	Merge branch '23990-project-show-error-when-empty-repo' into 'master'	Douwe Maan	2016-11-24	3	-1/+50
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	500 error on project show when user is not logged in and project is still empty ## What does this MR do? Aims to fix the 500 error when the project is empty and the user is not logged in and tries to access project#show ## Screenshots (if relevant) When the project is empty and the user is not logged in we default to the empty project partial instead of readme. ![Screen_Shot_2016-11-11_at_22.54.21](/uploads/3d87e65195376c85d3e515e6d5a9a850/Screen_Shot_2016-11-11_at_22.54.21.png) ## Does this MR meet the acceptance criteria? - [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [x] API support added - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if it does - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #23990 See merge request !7376
*	Merge branch 'docs/backport-jira-docs-to-8-13' into '8-13-stable'	Achilleas Pipinellis	2016-11-22	1	-19/+27
\|\ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Backport JIRA api docs to 8-13-stable We need to backport the JIRA API docs that were until recently on master to 8-13-stable also. With 8.14 we simplified the way JIRA is configured and we need a link to point to the old docs. https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7675/diffs#bb2ba7ca0e10bd01609ab50236882ea82a183e60_472_471 See merge request !7677
\| *	Backport JIRA api docs to 8-13-stable	Achilleas Pipinellis	2016-11-22	1	-19/+27
\|/ \| \| \|	[ci skip]
*	Add missing changelog item	Rémy Coutable	2016-11-17	1	-0/+1
\| \| \| \| \| \|	[ci skip] Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Add a missing CHANGELOG item	Rémy Coutable	2016-11-17	1	-0/+1
\| \| \| \| \| \|	[ci skip] Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Update VERSION to 8.13.6v8.13.6	Rémy Coutable	2016-11-17	1	-1/+1
\|
*	Update CHANGELOG.md for 8.13.6	Rémy Coutable	2016-11-17	9	-33/+11
\| \| \|	[ci skip]
*	Merge branch '23824-activity-page-does-not-show-commits-comments' into 'master'	Robert Speicher	2016-11-17	4	-5/+36
\| \| \| \| \| \| \| \| \| \| \|	Allow commit note to be visible if repo is visible ## What does this MR do? It enforces the `:download_code` permission in `Event#visible_to_user?` for commit notes. Closes #23824 See merge request !7504
*	Merge branch 'rs-issue-24527' into 'master'	Sean McGivern	2016-11-17	3	-25/+41
\| \| \| \| \| \| \|	Limit labels returned for a specific project as an administrator Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/24527 See merge request !7496
*	Fix CHANGELOG and remove a spec meant to be on 8.14 only	Rémy Coutable	2016-11-16	2	-75/+0
\| \| \| \|	Signed-off-by: Rémy Coutable <remy@rymai.me>
*	Merge branch '24392-lfs-helper-refactor' into 'master'	Douwe Maan	2016-11-15	2	-4/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Move the `objects` method to `LfsHelper` so that it is also available to `LfsStorageController` ## What does this MR do? Move the `objects` method to `LfsHelper` so that it is also available to `LfsStorageController` It is needed for the `lfs_check_access!` callback when the repository size limit is enabled (EE only). cc @stanhu @ahanselka ## Why was this MR needed? Errors shown here: gitlab-org/gitlab-ce#24392 Discovered thanks to gitlab-com/infrastructure#302 ## What are the relevant issue numbers? Fixes #24392 Fixes gitlab-com/support-forum#1280 See merge request !7417
*	Merge branch '24397-load-labels-on-mr-tabs' into 'master'	Sean McGivern	2016-11-15	3	-0/+30
\| \| \| \| \| \| \|	Ensure labels are loaded for all "show" methods of MR Controller Closes #24397 See merge request !7416
*	Merge branch 'fix-cache-for-commit-status' into 'master'	Rémy Coutable	2016-11-15	2	-1/+5
\| \| \| \| \| \| \| \| \|	Fix cache for commit status in commits list to respect branches Fix cache for commit status in commits list to respect branches Closes #24324 See merge request !7372
*	Merge branch 'fix-uncheckable-label-for-force_remove_source_branch' into ↵	Robert Speicher	2016-11-15	2	-1/+5
\| \| \| \| \| \| \| \| \| \| \| \| \|	'master' Clicking "force remove source branch" label now toggles the checkbox again We remove the ID from the hidden tag for `merge_request[force_remove_source_branch]` in order to fix the checkbox toggling when the associated label is clicked. The issue was introduced by !7267 and discovered in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7267#note_18028311. See merge request !7356
*	Merge branch 'split-out-markdown-cache-update' into 'master'	Yorick Peterse	2016-11-15	1	-1/+5
\| \| \| \| \|	Split out markdown cache storage into a separate method See merge request !7277
*	Merge branch '24038-fix-no-register-pane-if-ldap' into 'master'	Sean McGivern	2016-11-15	2	-0/+7
\| \| \| \| \| \| \|	Fix no "Register" tab if ldap auth is enabled (#24038) Closes #24038 See merge request !7274
*	Merge branch 'issue_20245' into 'master'	Robert Speicher	2016-11-15	3	-1/+25
\| \| \| \| \| \| \|	Fix project Visibility level selector not using default values closes #20245 See merge request !7264
*	Merge branch 'adam-fix-wiki-links-markdown' into 'master'	Sean McGivern	2016-11-15	2	-1/+46
\| \| \| \| \| \| \|	Fix relative links in Markdown wiki when displayed in "Project" tab Refers to #23806 See merge request !7218
*	Merge branch 'add-special-char-tests-for-refs-dropdown' into 'master'	Fatih Acet	2016-11-15	1	-1/+13
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Add test for refs dropdown selection with special chars ## What does this MR do? ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? ## Screenshots (if relevant) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if it does - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? See merge request !7175
*	Merge branch '23713-milestone-dropdown-not-selected' into 'master'	Robert Speicher	2016-11-15	3	-2/+82
\| \| \| \| \| \| \| \| \| \|	Milestone dropdown does not stay selected Closes #23713 See merge request !7117 Signed-off-by: Rémy Coutable <remy@rymai.me>