| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix invalid Atom feeds when using emoji, horizontal rules, or images
This is a fix for issues #880, #723, #1113.
Markdown must be rendered to XHTML, not HTML, when generating summary content for Atom feeds. Otherwise, content-less tags like *img* and *hr* are not terminated and make the Atom XML invalid. Such tags are generated when issue descriptions, merge request descriptions, comments, or commit messages use emoji, horizontal rules, or images.
To pass this option through from the relevant Haml templates to the proper place in the `gfm()` method, a new method `gfm_with_options()` is introduced. It reuses the options dictionary passed to `markdown()` and interprets options `xhtml` and `parse_tasks` from it (the latter was a convenient replacement for `gfm_with_tasks()`). `xhtml` is already interpreted by Redcarpet::Render::HTML, but that alone was not sufficient, because the post-processing in `gfm()` would convert its XHTML tags back to HTML.
I found no way of passing additional optional options to the existing `gfm()` method without requiring updates to existing callers and without getting in the way of the existing optional arguments, but maybe someone who knows more about Ruby than I can think of one.
Thorough review appreciated since this is the first time I have used Ruby.
See merge request !344
|
| | |
| |
| |
| | |
Fixes issues #880, #723, #1113: Markdown must be rendered to XHTML, not HTML, when generating summary content for Atom feeds. Otherwise, content-less tags like <img> and <hr>, generated when issue descriptions, merge request descriptions, comments, or commit messages use emoji, horizontal rules, or images, are not terminated and make the Atom XML invalid.
|
| | |
| |
| |
| |
| | |
This reverts commit c42262b43b009af990e5769840391862d64a1c2d, reversing
changes made to c6586b1283a94c8f08bc669f4d8a9384b263073e.
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Change permissions on backup files
Use more restrictive permissions for backup tar files and for the db, uploads, and repositories directories inside the tar files. See #1894. Now the backup task recursively `chmod`s the `db/`, `uploads/`, and `repositories/` folders with 0700 permissions, and the tar file is created as 0600.
cc @sytse
See merge request !1703
|
| | | |
| | |
| | |
| | |
| | | |
Use more restrictive permissions for backup tar files and for the db,
uploads, and repositories directories inside the tar files.
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Restricted visibility levels - bug fix and new feature
This allows admin users to override restricted visibility settings when creating and updating projects and snippets, and moves the restricted visibility configuration from gitlab.yml to the web UI. See #1903.
## Move configuration location
I added a new section to the application settings page for restricted visibility levels. Each level has a checkbox, styled with Bootstrap to look like a toggle button. A checked box means that the level is restricted. I added a glowing text shadow and changed the background color for checked buttons because the default styles made it hard to distinguish between checked and unchecked. This image shows the new section with the "Public" box checked:
## Allow admins to override
To allow admin users to override the restricted visibility levels, I had to remove the `visibility_level` validation from the `Project` class. The model doesn't know about the `current_user`, which should determine whether the restrictions can be overridden. We could use the creator in the validation, but that wouldn't work correctly for projects where a non-admin user is the creator and an admin tries to change the project to a restricted visibility level.
The `Project::UpdateService` and `Project::CreateService` classes already had code to determine whether the current user is allowed to use a given visibility level; now all visibility level validation is done in those classes. Currently, when a non-admin tries to create or update a project using a restricted level, these classes silently set the visibility level to the global default (create) or the project's existing value (update). I changed this behavior to be more like an Active Model validation, where using a restricted level causes the entire request to be rejected.
Project and personal snippets didn't have service classes, and restricted visibility levels weren't being enforced in the model or the controllers. The UI disabled radio buttons for restricted levels, but that wouldn't be difficult to circumvent. I created the `CreateSnippetService` and `UpdateSnippetService` classes to do the same restricted visibility check that the project classes do. And since I was dealing with snippet visibility levels, I updated the API endpoints for project snippets to allow users to set and update the visibility level.
## TODO
* [x] Add more tests for restricted visibility functionality
cc @sytse @dzaporozhets
See merge request !1655
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | | |
Conflicts:
db/schema.rb
|
| | | | |
| | | |
| | | |
| | | | |
Bug fixes and new tests for the restricted visibility changes.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add new service classes to create and update project and personal
snippets. These classes are responsible for enforcing restricted
visibility settings for non-admin users.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Allow admins to use restricted visibility levels when creating or
updating projects.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Add checkboxes to the application settings page for restricted
visibility levels, and remove those settings from gitlab.yml.
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | |/ /
|/| | |
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Unblock user if they were unblocked in AD.
Fixes problem with !1687.
See merge request !1694
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Execute hooks and services when branch or tag is created or deleted through web interface.
Fixes #2095.
Split up into commits to make it easier to see why what was changed :)
See merge request !1692
|
| | |/ / / |
|
| |/ / / |
|
| | | | |
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | | |
Add blue theme to GitLab
See merge request !1682
|
| | | | | |
|
| |\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Allow smb:// links in Markdown text.
As requested by Sam McLeod at https://gitlab.com/gitlab-org/gitlab-ce/issues/1184
See merge request !1669
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix code preview theme setting for comments, issues, merge requests, and snippets
User color scheme was not being used: default white color scheme was always chosen. Also, default background for code in notes was always overriding the user color scheme.
Closes #1139
See merge request !357
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
snippets.
Also preserve code preview color scheme in events dashboard.
Assign default colors to all code blocks shown as <pre class="code highlight [color_scheme]">
Closes #1139
|
| |\ \ \ \ |
|
| | |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Generate valid json
This patch helps to be compatible to other programing languages as it improves the validation of hook data. It seems only ruby can handle 'nil' as value while other json decode function will fatal.
See merge request !182
|
| | | |/ / /
| | | | |
| | | | |
| | | | |
| | | | | |
It seems that ruby can handle 'nil' value but other json processors
(like PHP) throw an error. This is always generated for empty arrays.
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Escape wildcards when searching LDAP by username.
Addresses https://dev.gitlab.org/gitlab/gitlabhq/issues/2086.
Also see https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/344 and https://dev.gitlab.org/gitlab/omniauth-ldap/merge_requests/2.
See merge request !1644
|
| | | | | | | |
|
| | |/ / / /
|/| | | | |
|
| | |/ / /
|/| | | |
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatically link commit ranges to compare page.
Closes #2103
Implemented as proposed in the last paragraph of the issue:
> We could do something similar to Ruby, where `1..5` means `1,2,3,4,5` and `1...5` means `1,2,3,4`: `..` means inclusive, `...` means exclusive. In our case, `sha1...sha4` would mean `sha2,sha3,sha4` (exclusive with regards to `sha1`) and `sha1..sha4` would mean `sha1^...sha4`, i.e. `sha1,sha2,sha3,sha4` (inclusive to `sha1`).
- `sha1...sha4` now links to `compare/sha1...sha4`
- `sha1..sha4` now links to `compare/sha1^...sha4`.
See merge request !1649
|
| | | |/ /
| |/| | |
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
Ruby str_equal uses memcmp internally to compare String.
Memcmp is vunerable to timing attacks because it returns early
on mismatch (on most x32 platforms memcmp uses a bytewise comparision).
Devise.secure_compare implements a constant time comparision instead.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Supports four different event types all bundled under the "note" event type:
- comments on a commit
- comments on an issue
- comments on a merge request
- comments on a code snippet
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Increase timeout for Git-over-HTTP requests.
Fixes #2081 and https://gitlab.com/gitlab-org/gitlab-ce/issues/232.
Normal web requests are bound by the `Rack::Timeout` timeout of 60 seconds, while Grack Git-over-HTTP requests are only bound by Unicorn's timeout which is now set to 1 hour, which should be plenty.
The omnibus package should be updated to no longer use `unicorn['worker_timeout']` for the Unicorn timeout, but to set the `Slowpoke.timeout`.
See merge request !1619
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add more Slack notifications for issue and merge request events
From https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/237 by Stan Hu.
See merge request !1556
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
1) Adds a DB migration for all services to toggle on push, issue, and merge events.
2) Upon an issue or merge request event, fire service hooks.
3) Slack service supports custom messages for each of these events. Other services
not supported at the moment.
4) Label merge request hooks with their corresponding actions.
|
| | |/ /
|/| | |
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix namespace in merge request url building
Changes in 42387b733b76dfc1f72585015910a50f094e264f now require namespace specification and broke abc69c890513fb58c1ceae7548f4fbcc221b7c34.
There are additional helper functions in c530ca00b0f40ec0e0df4d1885ce55e47a59b70d, but this seemed easier not to rely on them.
See merge request !363
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Don't leak information about private project existence via Git-over-SSH/HTTP.
Fixes #2040 and https://gitlab.com/gitlab-org/gitlab-ce/issues/343.
Both `Grack::Auth` (used by Git-over-HTTP) and `Api::Internal /allowed` (used by gitlab-shell/Git-over-SSH) now return a generic "Not Found" error when the project exists but the user doesn't have access to it.
See merge request !1578
|
| | | | | | |
|
| |\ \ \ \ \
| |_|/ / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Render go-import meta tag for private repos.
The previously solution (626f5bab3580926842aa6247e052008ddf1ca571) required a change to nginx config and broke visits from Googlebot and other clients including "go" in their user agent.
See merge request !1587
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
https://github.com/mattes/gitlabhq into mattes-go-get-workaround-nginx"
This reverts commit 51349ca3c83c56e072f87253d375316f7164b49a, reversing
changes made to b180476bd69bdf99b1727b041116fa8447c0201f.
|
| |\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix merge request URL passed to Webhooks
If you look at the data structure passed to Webhooks, you will see:
`"url"=>nil`
I don't think any of the Webhooks or services are using this yet, so right now nothing so far depends upon this value being correct.
See merge request !352
|
