summaryrefslogtreecommitdiff
path: root/spec
Commit message (Collapse)AuthorAgeFilesLines
* Fixed Test for Notes SpecTim Zallmann2017-09-051-3/+2
|
* Fixes vulnerability in posting a comment in the temporary renderingTim Zallmann2017-09-051-0/+15
|
* Merge branch '9-5-stable' into 'security-9-5'Brian Neel2017-09-0430-278/+460
|\ | | | | | | | | Merge 9-5-stable into security-9-5 See merge request gitlab/gitlabhq!2184
| * Merge branch 'backstage/gb/migrations-tests-schema-version' into 'master'9-5-stable-patch-3Sean McGivern2017-09-025-28/+47
| | | | | | | | | | | | | | Improve migrations / background migrations testing strategy Closes #36303 See merge request !13589
| * Revert "Make it possible to provide schema version in tests"Stan Hu2017-09-023-24/+25
| | | | | | | | This reverts commit 775cee737b585cc7fa943af21c1d09141952cbfe.
| * Merge branch 'fix/gb/clear-schema-cache-after-running-migration-tests' into ↵Sean McGivern2017-09-021-0/+2
| | | | | | | | | | | | | | | | | | 'master' Clear schema cache after running tests for migrations Closes #37086 See merge request !13870
| * Make it possible to provide schema version in testsGrzegorz Bizon2017-09-023-25/+24
| |
| * Revert "Merge branch '37179-dashboard-project-dropdown' into 'master'"Phil Hughes2017-09-011-0/+15
| | | | | | | | | | This reverts commit 6d6223ecdb3b87a061aecf7b2c586cadc0f29695, reversing changes made to cc7811707424ebd58b71428c9fe27c444dd6169d.
| * Merge branch 'fly-out-nav-hiding-fix' into 'master'Filipa Lacerda2017-09-011-0/+27
| | | | | | | | | | | | | | Fixes the fly-out navigation flashing in & out Closes #37022 See merge request !13929
| * Merge branch '37202-revert-changes-to-signing-enabled' into 'master'Douwe Maan2017-09-014-18/+17
| | | | | | | | | | | | | | Rollback changes made to signing_enabled. Closes #37202 See merge request !13956
| * Merge branch 'issue_36820' into 'master'Sean McGivern2017-09-011-0/+2
| | | | | | | | | | | | | | Remove closing external issues by reference error Closes #36820 See merge request !13910
| * Merge branch 'rs-remove-filtered-issues-skips' into 'master'Douwe Maan2017-09-011-50/+0
| | | | | | | | | | Remove skipped examples in filtered issues feature spec See merge request !13845
| * Merge branch 'fix/import-events' into 'master'Sean McGivern2017-09-012-1/+6
| | | | | | | | | | | | | | Fix events error importing GitLab projects Closes #36965 See merge request !13868
| * Merge branch '37179-dashboard-project-dropdown' into 'master'Phil Hughes2017-09-011-15/+0
| | | | | | | | | | | | | | | | Removes disabled state from projects dropdown in dashboard page Closes #37179 See merge request !13933
| * Merge branch 'fly-out-nav-jump-fix' into 'master'Tim Zallmann2017-09-011-25/+13
| | | | | | | | | | | | | | | | Fixed fly-out nav jumping Closes #36699 See merge request !13690
| * Merge branch 'changes-bar-sticky-fix' into 'master'Filipa Lacerda2017-09-011-0/+11
| | | | | | | | | | | | | | Fixes the diff changes buttons from toggling when scrolling Closes #36698 See merge request !13894
| * Merge branch 'mk-fix-user-namespace-rename' into 'master'Douwe Maan2017-09-013-3/+76
| | | | | | | | | | | | | | Make username update fail if namespace update fails Closes gitlab-com/support-forum#2316 See merge request !13642
| * Merge branch 'fix-flakes' into 'master'Robert Speicher2017-09-013-3/+3
| | | | | | | | | | | | | | fix transient dropdown test failures Closes #37052 and #34436 See merge request !13862
| * Merge branch ↵Kamil Trzciński2017-09-012-15/+27
| | | | | | | | | | | | | | | | | | 'fix/sm/37040-regression-pipeline-trigger-via-api-fails-with-500-internal-server-error-in-9-5-1' into 'master' Fix pipeline trigger via API fails with 500 Internal Server Error in 9.5.1 Closes #37040 See merge request !13861
| * Merge branch 'gitaly-9-5-2-patch' into '9-5-stable-patch-3'Robert Speicher2017-09-014-36/+50
| |\ | | | | | | | | | | | | Refactor Gitlab::Git::Commit to include a repository and add missing specs See merge request !13815
| | * Add spec for Gitlab::Git::Commit#rugged_commitgitaly-9-5-2-patchAlejandro Rodríguez2017-08-241-0/+11
| | |
| | * Refactor Gitlab::Git::Commit to include a repositoryAlejandro Rodríguez2017-08-244-36/+39
| | |
| * | Merge branch 'fly-out-tunnel' into 'master'Filipa Lacerda2017-09-011-40/+151
| | | | | | | | | | | | | | | | | | | | | | | | Add dynamic navigation tunnel to fly-out menus Closes #35949 See merge request !13315
| * | Merge branch 'backstage/gb/optimize-notification-specs' into 'master'Robert Speicher2017-09-012-67/+33
| | | | | | | | | | | | | | | Optimize notification emails specs See merge request !13986
| * | Merge branch 'sh-improve-flaky-ace-editor-spec' into 'master'Robert Speicher2017-09-011-2/+1
| | | | | | | | | | | | | | | Improve flaky ACE editor spec See merge request !13854
| * | Merge branch 'sh-simplify-system-hook-testing' into 'master'Douwe Maan2017-09-011-27/+6
| | | | | | | | | | | | | | | | | | | | | Simplify system hook testing and guarantee test will fire Closes #37067 See merge request !13858
| * | Merge branch 'bugfix.notify-custom-participants' into 'master'Sean McGivern2017-09-011-3/+14
| | | | | | | | | | | | | | | | | | | | | Bugfix.notify custom participants Closes #36610 See merge request !13680
| * | Merge branch '36860-deleted-user-fix' into 'master'Sean McGivern2017-09-011-0/+14
| | | | | | | | | | | | | | | Fix failure when issue author is nil See merge request !13807
* | | Merge branch 'fix-escape-commit-block' into 'security-9-5'Douwe Maan2017-09-041-0/+22
|\ \ \ | | | | | | | | | | | | | | | | [9.5] Prevent a persistent XSS in the commit author block See merge request gitlab/gitlabhq!2180
| * | | Unmark the commit author/committer link as HTML-safeRobert Speicher2017-09-011-0/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now make use of the `content_tag` helper so that the untrusted input is escaped and the trusted output is then automatically safe. When we don't need to wrap the name in a `span` tag (when `avatar` is falsey), it's treated as unsafe by default, so no further sanitization/escaping is necessary.
* | | | Merge branch 'rs-issue-36098' into 'security-9-5'Robert Speicher2017-08-311-3/+17
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | [9.5] Limit `style` attribute on `th` and `td` elements to specific properties See merge request gitlab/gitlabhq!2155
| * | | | Limit `style` attribute on `th` and `td` elements to specific propertiesRobert Speicher2017-08-101-3/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously we whitelisted the entire `style` attribute on `th` and `td` elements, in order to allow Markdown table alignment to work. But this opened us up to a potential exploit by allowing a malicious user to define properties besides `text-align` in the attribute. We now remove everything except `text-align: (center|left|right)`.
* | | | | Merge branch '36743-existing-repo-9-5' into 'security-9-5'Douwe Maan2017-08-3115-15/+117
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | [9.5] Prevent project creation (blank, import or fork) when repository already exists on disk See merge request gitlab/gitlabhq!2170
| * | | | | fix transient test failures caused by wrong dropdown triggerSimon Knox2017-08-293-3/+3
| | | | | |
| * | | | | Fix import_file_specGabriel Mazetto2017-08-281-0/+1
| | | | | |
| * | | | | Prevent new / renamed project from using a repository path that already ↵Gabriel Mazetto2017-08-2812-12/+113
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | exists on disk There are some redundancies in the validation steps, and that is to preserve current error messages behavior Also few specs have to be changed in order to fix madness in validation logic.
* | | | | Merge branch 'rs-issue-36104' into 'security-9-5'Douwe Maan2017-08-302-2/+12
|\ \ \ \ \ | |_|_|/ / |/| | | | | | | | | | | | | | [9.5] Disallow the `name` attribute on all user-provided markup See merge request gitlab/gitlabhq!2166
| * | | | Disallow the `name` attribute on all user-provided markupRobert Speicher2017-08-162-2/+12
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A malicious user was able to do something like <img src="" name="getElementById"> to override the `document.getElementById` method, which would result in JavaScript errors being thrown. See https://gitlab.com/gitlab-org/gitlab-ce/issues/36104
* | | | resolve conflicts from 4c7449e4d4ba9016acc6376f759856355d4fbe88Simon Knox2017-08-291-9/+1
| | | |
* | | | Merge branch 'race-condition-in-project-uploads-fix-9-4' into 'security-9-4'Sean McGivern2017-08-291-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | Fixes race condition in project uploads See merge request !2141
* | | | Merge branch 'dm-go-get-xss' into 'security-9-3'Robert Speicher2017-08-291-1/+17
| | | | | | | | | | | | | | | | | | | | Fix XSS issue in go-get handling See merge request !2128
* | | | Merge branch '9-5-stable' into security-9-5Simon Knox2017-08-291-1/+16
|\ \ \ \ | | |/ / | |/| |
| * | | Merge branch 'sh-system-hooks-ldap-users' into 'master'Grzegorz Bizon2017-08-271-1/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fire system hooks when a user is created via LDAP or OAuth Closes #37073 See merge request !13846
* | | | Merge branch '9-5-stable' into security-9-5Gabriel Mazetto2017-08-278-27/+183
|\ \ \ \ | |/ / /
| * | | Merge branch 'fix-old-mr-diffs' into 'master'9-5-stable-patch-2Douwe Maan2017-08-251-4/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix old MR diffs Closes #36516 See merge request !13744
| * | | Merge branch 'fix-push-events-branch-removals' into 'master'Sean McGivern2017-08-252-0/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix displaying events of removed events and events without commit messages Closes #36685 and #36722 See merge request !13721
| * | | Merge branch 'remove-tooltip-filtered-search-user' into 'master'Tim Zallmann2017-08-251-6/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove tooltip from filtered search user Closes #36696 See merge request !13752
| * | | Merge branch 'dm-ldap-adapter-attributes' into 'master'Robert Speicher2017-08-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Support simple string LDAP attribute specifications, and search for name rather… Closes #36841 See merge request !13776
| * | | Merge branch 'rs-stub-storage-availability-check' into 'master'Douwe Maan2017-08-242-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | Stub `ForkedStorageCheck.storage_available?` by default in all specs See merge request !13726
| * | | Merge branch 'fix-broken-testing-of-some-integrations' into 'master'Douwe Maan2017-08-241-10/+32
| | |/ | |/| | | | | | | | | | | | | | | | Fix inability to test some project integrations Closes gitlab-ee#3194 See merge request !13729
View Lorry Controller Status