- 25 Apr, 2016 2 commits
-
-
Robert Speicher authored
Prevent privilege escalation via "impersonate" feature Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15548 See merge request !1956
-
Robert Speicher authored
Fixes window.opener bug Adds `noreferrer` value to rel attribute for external links REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15331 See merge request !1953
-
- 17 Mar, 2016 3 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
Bump Git version requirement to 2.7.4 (for 8.2) [ci skip] See merge request !3285
-
Douwe Maan authored
-
- 15 Dec, 2015 1 commit
-
-
Douwe Maan authored
Fix note polling Closes #4032 See merge request !2084
-
- 10 Dec, 2015 3 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
Enable Devise paranoid mode and ensure the returned message is the same every time. This will prevent user enumeration (low impact). Prior to this change a user could type an email in the password reset field and if the email didn't exist it returned an error. If the email was valid it returned a message saying the forgot password link had been emailed. After this change the user will receive a message that if the email is in our database the reset link will be emailed. I also changed the throttle mechanism so it still works the same but now returns the exact same message as above. Previously it would say 'You've already sent a request. Wait a few minutes'. This also allows user enumeration, although it requires a double-check. Related to https://dev.gitlab.org/gitlab/gitlabhq/issues/2624 See merge request !2044
-
- 09 Dec, 2015 1 commit
-
-
Robert Speicher authored
Use YAML.safe_load See merge request !1941
-
- 08 Dec, 2015 1 commit
-
-
Douwe Maan authored
Fix 500 error when creating a merge request that removes a submodule Fixes #3476 See merge request !1989
-
- 07 Dec, 2015 4 commits
-
-
Robert Speicher authored
[ci skip]
-
Grzegorz Bizon authored
Fix problems with award-emoji-only comment This fixes a conflict between note with only a single emoji in content and award-emojis mechanisms. Closes #3734 cc @vsizov See merge request !1936
-
Valery Sizov authored
Add added, modified and removed properties to commit object in webhook https://gitlab.com/gitlab-org/gitlab-ee/issues/20 See merge request !1988
-
Douwe Maan authored
Fix Error 500 when creating global milestones with Unicode characters Two issues: 1. The constraints in the resources were incorrect. Here's what it was before: ``` group_milestone GET /groups/:group_id/milestones/:id(.:format) groups/milestones#show {:id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/} ``` In this case, id is actually the title of the milestone, which can be anything at the moment. After: ``` group_milestone GET /groups/:group_id/milestones/:id(.:format) groups/milestones#show {:id=>/[^\/]+/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/} ``` 2. `parameterize` would strip all Unicode characters, leaving a blank string. Rails would report something like: ``` ActionView::Template::Error (No route matches {:action=>"show", :controller=>"groups/milestones", :group_id=>#<Group id: 48, name: "ops-dev", path: "ops-dev", owner_id: nil, created_at: "2015-11-15 08:55:30", updated_at: "2015-12-02 06:23:26", type: "Group", description: "", avatar: "sha1.c71e73d51af1865c1bbbf6208e10044d46c9bb93.png", public: false>, :id=>"", :title=>"肯定不是中文的问题"} missing required keys: [:id]): ``` This change uses the babosa library to create a better slug, which surprisingly isn't actually used by the global milestone controllers. Instead, they use the title passed as a query string for some reason. Closes https://github.com/gitlabhq/gitlabhq/issues/9881 See merge request !1983
-
- 05 Dec, 2015 1 commit
-
-
Job van der Voort authored
fixed the documentation of the Guest role in permission.md This MR fixes the documentation of the Guest role. closes gitlab-org/gitlab-ce#3777 [ci skip] See merge request !1952
-
- 04 Dec, 2015 1 commit
-
-
Dmitriy Zaporozhets authored
Fix application settings cache not expiring after changes cache_key is an instance method that relies on updated_at. When changes were made, the time-dependent key was being used instead of X.application_setting.last. Closes #3609 See merge request !1972
-
- 02 Dec, 2015 2 commits
-
-
Robert Speicher authored
-
Dmitriy Zaporozhets authored
Show Gmail actions links only on expected set of emails See merge request !1901
-
- 01 Dec, 2015 1 commit
-
-
Robert Speicher authored
Install gitlab-shell 2.6.8 in installations from source [ci skip] See merge request !1932
-
- 30 Nov, 2015 5 commits
-
-
Valery Sizov authored
Fire update hook from GitLab https://gitlab.com/gitlab-org/gitlab-ce/issues/3069 See merge request !1882
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
See merge request !1916
-
Dmitriy Zaporozhets authored
Fix Error 500 when viewing user's personal projects from admin page This is a regression introduced in 4d7f00fd. Closes #3680 Closes https://github.com/gitlabhq/gitlabhq/issues/9861 Closes gitlab-org/gitlab-ee#90 See merge request !1909
-
-
- 27 Nov, 2015 3 commits
-
-
Robert Speicher authored
-
Douwe Maan authored
-
Robert Speicher authored
Nginx workhorse upload limit See merge request !1919
-
- 25 Nov, 2015 4 commits
-
-
Jacob Vosmaer authored
-
Dmitriy Zaporozhets authored
Bump gitlab-shell to 2.6.8 in stable Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> For gitlab/gitlabhq#2635 See merge request !1940
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Robert Speicher authored
Maybe rescue session_expire_delay by setting a default value. Related to gitlab-org/omnibus-gitlab#956 See merge request !1880
-
- 24 Nov, 2015 1 commit
-
-
Dmitriy Zaporozhets authored
Update required version of lfs client and separate the docs for users and admins. See merge request !1855
-
- 23 Nov, 2015 4 commits
-
-
Robert Speicher authored
Expose artifacts path This fixes broken artifacts storage path. Fixes #3607 Fixes #3608 Related: gitlab-org/omnibus-gitlab!544 See merge request !1869
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
Fix 500 when using CI - Fix for Ci::Build state machine, allowing to process builds without the project - Forcefully update builds that didn't want to update with state machine - Fix saving GitLabCiService as Admin Template Fixes #3556 See merge request !1873
-
Robert Speicher authored
Fix CSS styling for clipboard icon in new MR page Closes #3602 See merge request !1870
-
- 22 Nov, 2015 3 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
Emoji bug: Invalid url to image Closes #3591 See merge request !1868
-
Dmitriy Zaporozhets authored
Handle removed source projects in MR CI commits Fixes #3599 @dzaporozhets assigning this to you since you wrote the original code. Perhaps checking for the source project isn't the right way, but I'm not sure if there's a better way (e.g. somewhere earlier in the process) that we can detect this. See merge request !1859
-