| Commit message (Collapse) | Author | Age | Files | Lines |
As we have a central domain for auto merge process today,
we should use a single worker for any auto merge process.
Fix project settings not being able to update
Closes #62708
See merge request gitlab-org/gitlab-ce!29097
Previously import_url would always be present in the update parameters,
which would cause the validation to fail. We now include this
parameter only if there is a URL given.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62708
This commit is the result of running `yarn eslint --fix` after enabling
the `no-implicit-coercion` ESLint rule. This rule has been added to
our ESLint config here:
https://gitlab.com/gitlab-org/gitlab-eslint-config/merge_requests/14
Reject slug+uri concat if slug is deemed unsafe
See merge request gitlab/gitlabhq!3108
First reported:
https://gitlab.com/gitlab-org/gitlab-ce/issues/60143
When the page slug is "javascript:" and we attempt to link to a relative
path (using `.` or `..`) the code will concatenate the slug and the uri.
This MR adds a guard to that concat step that will return `nil` if the
incoming slug matches against any of the "unsafe" slug regexes;
currently this is only for the slug "javascript:" but can be extended if
needed. Manually tested against a non-exhaustive list from OWASP of
common javascript XSS exploits that have to do with mangling the
"javascript:" method, and all are caught by this change or by existing
code that ingests the user-specified slug.
Persistent XSS in note objects CE
See merge request gitlab/gitlabhq!3075
Automatically update MR merge-ref along merge status
Closes #58495
See merge request gitlab-org/gitlab-ce!28513
This introduces payload to the ServiceResponse with
the merge ref HEAD commit data
This couples the code that transitions the `MergeRequest#merge_status`
and refs/merge-requests/:iid/merge ref update.
In general, instead of directly telling `MergeToRefService` to update
the merge ref, we should rely on `MergeabilityCheckService` to keep
both the merge status and merge ref synced. Now, if the merge_status is
`can_be_merged` it means the merge-ref is also updated to the latest.
We've also updated the logic to be more systematic and less user-based.
Do not display Update app button when saving Knative domain name
Closes #58269
See merge request gitlab-org/gitlab-ce!28904
They are used to indicate when knative domain name
has changed
The new component also implements several improvements in the
knative domain editor workflow:
- Display a loading spinner when saving changes in the domain name
- Display success toast message indicating changes were saved
successfully.
- Display error message if the contrary occurs
- Renames attributes from stat to project_statistiscs_name and attribute
to statistic_attribute
- Reorders methods on UpdateProjectStatistics concern
- Removes unused module from Ci::Build
Add global isSafeURL utility
See merge request gitlab-org/gitlab-ce!28943
- Added isSafeURL utility based on prior work in gitlab-ee
- Also added isAbsoluteOrRootRelative() and getBaseURL() utils,
needed by isSafeURL
- Removed URL() fallback because URL() is now polyfilled
- Updated specs
Prevent password sign in restriction bypass
See merge request gitlab/gitlabhq!2702
Resolve: Milestones leaked via search API
Closes #2822
See merge request gitlab/gitlabhq!2997
Fix milestone titles being leaked using search API
when users cannot read milestones
Disallow invalid MR branch name
See merge request gitlab/gitlabhq!3052
Continuation of 426488b7218e85ce69868ae4628801af2322b74a
Prevents refspec as branch name, which would bypass branch protection
when used in conjunction with rebase.
HEAD seems to be a special case with lots of occurrences,
so it is considered valid for now.
Another special case is `refs/head/*`, which can be imported.
Handling password on import by url page
See merge request gitlab/gitlabhq!3061
Protect Gitlab::HTTP against DNS rebinding attack
See merge request gitlab/gitlabhq!3071
Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
blocked, and then uses the same IP to perform the actual request, while
passing the original hostname in the `Host` header and SSL SNI field.
Fix url redaction for issue links
See merge request gitlab/gitlabhq!3091
Add changelog entry
Add missing href to all redactor specs and removed href assignment
Remove obsolete spec
If original_content is given, it should be used for link content
Hide issue title on unsubscribe for anonymous users
See merge request gitlab/gitlabhq!3097
'master'
Fix confidential issue label disclosure on milestone view
See merge request gitlab/gitlabhq!3098
Add changelog entry
Method should be public
Use milestonish method
Use render data to filter labels
Add specs for label visibility on milestone
Add Namespace and ProjectStatistics to GraphQL API
See merge request gitlab-org/gitlab-ce!28277
We can query namespaces, and nested projects.
Projects now expose statistics