Commit message
|
Merge 9-5-stable into security-9-5
See merge request gitlab/gitlabhq!2184
|
Improve migrations / background migrations testing strategy
Closes #36303
See merge request !13589
|
This reverts commit 775cee737b585cc7fa943af21c1d09141952cbfe.
|
'master'
Clear schema cache after running tests for migrations
Closes #37086
See merge request !13870
|
This reverts commit 6d6223ecdb3b87a061aecf7b2c586cadc0f29695, reversing
changes made to cc7811707424ebd58b71428c9fe27c444dd6169d.
|
Fixes the fly-out navigation flashing in & out
Closes #37022
See merge request !13929
|
Rollback changes made to signing_enabled.
Closes #37202
See merge request !13956
|
Remove closing external issues by reference error
Closes #36820
See merge request !13910
|
Remove skipped examples in filtered issues feature spec
See merge request !13845
|
Fix events error importing GitLab projects
Closes #36965
See merge request !13868
|
Removes disabled state from projects dropdown in dashboard page
Closes #37179
See merge request !13933
|
Fixed fly-out nav jumping
Closes #36699
See merge request !13690
|
Fixes the diff changes buttons from toggling when scrolling
Closes #36698
See merge request !13894
|
Make username update fail if namespace update fails
Closes gitlab-com/support-forum#2316
See merge request !13642
|
fix transient dropdown test failures
Closes #37052 and #34436
See merge request !13862
|
'fix/sm/37040-regression-pipeline-trigger-via-api-fails-with-500-internal-server-error-in-9-5-1' into 'master'
Fix pipeline trigger via API fails with 500 Internal Server Error in 9.5.1
Closes #37040
See merge request !13861
|
Refactor Gitlab::Git::Commit to include a repository and add missing specs
See merge request !13815
|
Add dynamic navigation tunnel to fly-out menus
Closes #35949
See merge request !13315
|
Optimize notification emails specs
See merge request !13986
|
Improve flaky ACE editor spec
See merge request !13854
|
Simplify system hook testing and guarantee test will fire
Closes #37067
See merge request !13858
|
Bugfix.notify custom participants
Closes #36610
See merge request !13680
|
Fix failure when issue author is nil
See merge request !13807
|
[9.5] Prevent a persistent XSS in the commit author block
See merge request gitlab/gitlabhq!2180
|
We now make use of the `content_tag` helper so that the untrusted input
is escaped and the trusted output is then automatically safe. When we
don't need to wrap the name in a `span` tag (when `avatar` is falsey),
it's treated as unsafe by default, so no further sanitization/escaping
is necessary.
|
[9.5] Limit `style` attribute on `th` and `td` elements to specific properties
See merge request gitlab/gitlabhq!2155
|
Previously we whitelisted the entire `style` attribute on `th` and `td`
elements, in order to allow Markdown table alignment to work. But this
opened us up to a potential exploit by allowing a malicious user to
define properties besides `text-align` in the attribute.
We now remove everything except `text-align: (center|left|right)`.
|
[9.5] Prevent project creation (blank, import or fork) when repository already exists on disk
See merge request gitlab/gitlabhq!2170
|
exists on disk
There are some redundancies in the validation steps, and that is to
preserve current error messages behavior.
Also, a few specs have to be changed in order to fix madness in validation
logic.
|
[9.5] Disallow the `name` attribute on all user-provided markup
See merge request gitlab/gitlabhq!2166
|
A malicious user was able to do something like:
    <img src="" name="getElementById">
to override the `document.getElementById` method, which would result in
JavaScript errors being thrown.
See https://gitlab.com/gitlab-org/gitlab-ce/issues/36104
|
Fixes race condition in project uploads
See merge request !2141
|
Fix XSS issue in go-get handling
See merge request !2128
|
Fire system hooks when a user is created via LDAP or OAuth
Closes #37073
See merge request !13846
|
Fix old MR diffs
Closes #36516
See merge request !13744
|
Fix displaying events of removed events and events without commit messages
Closes #36685 and #36722
See merge request !13721
|
Remove tooltip from filtered search user
Closes #36696
See merge request !13752
|
Support simple string LDAP attribute specifications, and search for name rather…
Closes #36841
See merge request !13776
|
Stub `ForkedStorageCheck.storage_available?` by default in all specs
See merge request !13726
|
Fix inability to test some project integrations
Closes gitlab-ee#3194
See merge request !13729