From e297c4175df7a3af12dfff5bb9947560ce8add17 Mon Sep 17 00:00:00 2001 From: Jan Provaznik Date: Sun, 10 Dec 2017 10:02:50 +0100 Subject: Fixed doc for create MR from email * fixed anchor for create MR from email * added a screenshot for this feature --- doc/administration/reply_by_email.md | 8 +++++--- .../project/merge_requests/img/create_from_email.png | Bin 0 -> 152975 bytes doc/user/project/merge_requests/index.md | 9 +++++++-- 3 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 doc/user/project/merge_requests/img/create_from_email.png diff --git a/doc/administration/reply_by_email.md b/doc/administration/reply_by_email.md index 1304476e678..3a2cced37bf 100644 --- a/doc/administration/reply_by_email.md +++ b/doc/administration/reply_by_email.md @@ -89,9 +89,11 @@ email address in order to sign up. If you also host a public-facing GitLab instance at `hooli.com` and set your incoming email domain to `hooli.com`, an attacker could abuse the "Create new -issue by email" feature by using a project's unique address as the email when -signing up for Slack, which would send a confirmation email, which would create -a new issue on the project owned by the attacker, allowing them to click the +issue by email" or +"[Create new merge request by email](../user/project/merge_requests/index.md#create-new-merge-requests-by-email)" +features by using a project's unique address as the email when signing up for +Slack, which would send a confirmation email, which would create a new issue or +merge request on the project owned by the attacker, allowing them to click the confirmation link and validate their account on your company's private Slack instance. diff --git a/doc/user/project/merge_requests/img/create_from_email.png b/doc/user/project/merge_requests/img/create_from_email.png new file mode 100644 index 00000000000..71eb4bf267d Binary files /dev/null and b/doc/user/project/merge_requests/img/create_from_email.png differ diff --git a/doc/user/project/merge_requests/index.md b/doc/user/project/merge_requests/index.md index b5c3f74a113..7037d7f5989 100644 --- a/doc/user/project/merge_requests/index.md +++ b/doc/user/project/merge_requests/index.md @@ -27,7 +27,7 @@ With GitLab merge requests, you can: - [Resolve merge conflicts from the UI](#resolve-conflicts) - Enable [fast-forward merge requests](#fast-forward-merge-requests) - Enable [semi-linear history merge requests](#semi-linear-history-merge-requests) as another security layer to guarantee the pipeline is passing in the target branch -- [Create new merge requests by email](#create_by_email) +- [Create new merge requests by email](#create-new-merge-requests-by-email) With **[GitLab Enterprise Edition][ee]**, you can also: @@ -139,7 +139,12 @@ address. The address can be obtained on the merge requests page by clicking on a **Email a new merge request to this project** button. The subject will be used as the source branch name for the new merge request and the target branch will be the default branch for the project. The message body (if not empty) -will be used as the merge request description. +will be used as the merge request description. You need +["Reply by email"](../../../administration/reply_by_email.md) enabled to use +this feature. If it's not enabled to your instance, you may ask your GitLab +administrator to do so. + +![Create new merge requests by email](img/create_from_email.png) ## Revert changes -- cgit v1.2.1