- 14 Dec, 2016 12 commits
-
-
Rémy Coutable authored
Filter `incoming_email_token` and `runners_token` parameters Closes https://dev.gitlab.org/gitlab/gitlabhq/issues/2676 See merge request !2045
-
Sean McGivern authored
Issue#visible_to_user moved to IssuesFinder Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24637. See merge request !2039
-
Douwe Maan authored
Fix missing Note access checks in by moving Note#search to updated NoteFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR?
⚠ - Potentially untested💣 - No test coverage🚥 - Test coverage of some sort exists (a test failed when error raised)🚦 - Test coverage of return value (a test failed when nil used)✅ - Permissions check tested ### Note lookup without access check - [x]✅ app/finders/notes_finder.rb:13 :download_code check - [x]✅ app/finders/notes_finder.rb:19 `SnippetsFinder` - [x]✅ app/models/note.rb:121 [`Issue#visible_to_user`] - [x]✅ lib/gitlab/project_search_results.rb:113 - This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`. - It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked. ### Previous discussions - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `: download_code` check on commit - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used - `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223 ### Acceptance criteria met? - [x] Tests added for new code - [x] TODO comments removed - [x] Squashed and removed skipped tests - [x] Changelog entry - [ ] State Gitlab versions affected and issue severity in description - [ ] Create technical debt issue for NotesFinder. - Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two. - Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)` - Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes` See merge request !2035 -
Sean McGivern authored
API: Memoize the current_user so that the sudo can work properly Closes #25482 See merge request !8017
-
Rémy Coutable authored
Encode when migrating ProcessCommitWorker jobs ## What does this MR do? This adds encoding logic to the migration for ProcessCommitWorker, ensuring it doesn't throw errors when the input can not be converted to UTF-8 without extra help. ## What are the relevant issue numbers? https://gitlab.com/gitlab-org/gitlab-ce/issues/25489 See merge request !8064
-
Sean McGivern authored
Displays milestone remaining days only when it's present See merge request !7998
-
Sean McGivern authored
Use a single query in Projects::ProjectMembersController to fetch members See merge request !7997
-
Fatih Acet authored
Fixed timeago re-rendering every element ## What does this MR do? Fixes an issue when new notes are added timeago will be initialised for every timeago element on the page again and therefore adding more timeouts. See merge request !7969
-
Sean McGivern authored
Allow branch names with dots on API endpoint closes #25030 See merge request !7963
-
Gabriel Mazetto authored
Avoid escaping relative links in Markdown twice ## What does this MR do? Avoid escaping relative links in Markdown twice. ## Why was this MR needed? Relative links with special characters (e.g. spaces) were escaped twice. ## What are the relevant issue numbers? closes #25191, #25318 See merge request !7940
-
Sean McGivern authored
Remove wrong '.builds-feature' class from the MR settings fieldset Closes #25171 See merge request !7930
-
- 13 Dec, 2016 5 commits
-
-
Alejandro Rodríguez authored
-
Alfredo Sumaran authored
Correct autocomplete for values with special characters This adds a check for any special chars in any value passed to the `DefaultOptions.beforeInsert` callback function. If special chars are found and `skipSpecialCharTest` option is `false`, it will wrap the value in quotation marks. This fixed autocompleting `~customer+` instead of `~"customer+"`. ![2016-12-03_10.37.11](/uploads/59159623638939933d23b447692775b8/2016-12-03_10.37.11.gif) - [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if it does - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) Closes #25286, #24961 See merge request !7910
-
Sean McGivern authored
Shows group members in the project members list Closes #24122 See merge request !7899
-
Alfredo Sumaran authored
fix display hook error message ## What does this MR do? Fix hook error message display. ## Are there points in the code the reviewer needs to double check? Probably Hook will return the plain multi line text. It is better `pre` tag than `h4`. I thought of another good looking display, but I did not come up with it.
😓 ## Why was this MR needed? When the hook returns an STDERR, "Merge in progress" button spinning forever. Due to javascript's error. ## Screenshots (if relevant) When update hook returns an error like ``` XXXXXXXX YYYYYYYY ZZZZZZZZ ``` ![screen_shot](/uploads/8dac77972a309dfcb72c741dffbd7270/screen_shot.png) ## What are the relevant issue numbers? Closes #24020 See merge request !7775 -
Jacob Schatz authored
Remove 'Leave Project' and 'Leave Group' from settings dropdowns ## What does this MR do? Removes `Leave Project` and `Leave Group` from the settings dropdown. Adds it to the `views/shared/members/access_request_buttons.html.haml`. ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? ## Screenshots (if relevant) ![Screen_Shot_2016-11-19_at_15.34.26](/uploads/5c66a025513b4780a9e881f0036381e4/Screen_Shot_2016-11-19_at_15.34.26.png) ![Screen_Shot_2016-11-19_at_15.35.29](/uploads/ed74a5dfe982cf65bb49c0c4fb307061/Screen_Shot_2016-11-19_at_15.35.29.png) ## Does this MR meet the acceptance criteria? - [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if it does - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #23305 See merge request !7600
-
- 08 Dec, 2016 5 commits
-
-
Alejandro Rodríguez authored
-
Alejandro Rodríguez authored
[ci skip]
-
Jacob Vosmaer authored
-
Sean McGivern authored
Make the `downtime_check` task happy See merge request !7845 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Reenables the API /users to return `private-token` when sudo is either a parameter or passed as a header and the user is admin. Closes #24537 See merge request !7615 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 07 Dec, 2016 12 commits
-
-
Alejandro Rodríguez authored
-
Douwe Maan authored
Replace MR access checks with use of MergeRequestsFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
⚠ - Potentially untested💣 - No test coverage🚥 - Test coverage of some sort exists (a test failed when error raised)🚦 - Test coverage of return value (a test failed when nil used)✅ - Permissions check tested - [x]💣 app/finders/notes_finder.rb:17 - [x]⚠ app/views/layouts/nav/_project.html.haml:80 [`.count`] - [x]💣 app/controllers/concerns/creates_commit.rb:84 - [x]🚥 app/controllers/projects/commits_controller.rb:24 - [x]🚥 app/controllers/projects/compare_controller.rb:56 - [x]🚦 app/controllers/projects/discussions_controller.rb:29 - [x]✅ app/controllers/projects/todos_controller.rb:27 - [x]🚦 app/models/commit.rb:268 - [x]✅ lib/gitlab/search_results.rb:71 - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)` - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`. - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use of unchecked `merged_merge_request?` See merge request !2033 -
Robert Speicher authored
Don't accidentally mark unsafe diff lines as HTML safe Fixes potential XSS issue when a legacy diff note is created on a merge request whose diff contained HTML See https://gitlab.com/gitlab-org/gitlab-ce/issues/25249 See merge request !2040
-
Douwe Maan authored
Add authentication_token to filter_parameters list See merge request !2041
-
Robert Speicher authored
Destroy a user session when they delete their own account via browser This patch destroys a user's session when they delete their own account using a browser. A new session is created as they are redirected to the sign_in page. Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015 See merge request !2042
-
Yorick Peterse authored
Bump gitlab-shell version to 4.0.3 See merge request !7953
-
Douwe Maan authored
Remove caching of Repository#has_visible_content? This MR removes the caching of `Repository#has_visible_content?`. The cache for this method is no longer necessary and this should solve the problem described in https://gitlab.com/gitlab-org/gitlab-ce/issues/25278. See merge request !7947
-
Sean McGivern authored
Authorize users into imported GitLab project https://gitlab.com/gitlab-com/support-forum/issues/1313 See merge request !7936
-
Fatih Acet authored
Fix compatibility with Internet Explorer 11 for merge requests ## What does this MR do? This merge request restores the compatibility with Internet Explorer 11. ## Are there points in the code the reviewer needs to double check? No. ## Why was this MR needed? Commit ca3c0c6c introduced an incompatibility with Internet Explorer 11. On all merge requests in all projects the 'Changes' tab does not display the changes in IE11 but instead fails with 'Something went wrong on our end'. The reason ist, that this code snipped produces different results on Firefox and Internet Explorer 11: ``` var element = document.createElement('a'); element.href = '/some/absolute/url'; alert(element.pathname); ``` With Internet Explorer 11 the alert will print a relative path, whereas with Firefox the alert will print an absolute path. For GitLab this meant that a wrong AJAX URL was composed which resulted in a 404. ## Screenshots (if relevant) None. ## Does this MR meet the acceptance criteria? - [X] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [X] Added for this feature/bug - [ ] All builds are passing - [X] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [X] Branch has no merge conflicts with `master` (if it does - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? #23977 #24380 See merge request !7525
-
Fatih Acet authored
Pipelines tabs ## What does this MR do? Changes the URL when the builds tab is clicked making it possible to be shared. 1. Adds a standard way to handle linked tabs: * This behaviour is already present in the merge requests, commit and user `show` page. * This MR introduces a reusable way to accomplish this behaviour for pages with static content. 2. Adds test: * For the linked tabs reusable class * For the pipelines tabs ## Why was this MR needed? To allow having a sharable URL that represented the opened tab ![tabs](/uploads/91e663c12c6e9ac46a17aa3a9489dc72/tabs.gif) ## Does this MR meet the acceptance criteria? - [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if it does - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #24814 See merge request !7709
-
Fatih Acet authored
Resolve "Highlighting lines is broken" Add line highlighting back to diff view. This was working in the MR "changes" tab, but not on a commit page such as https://gitlab.com/winniehell/reproduction-area/commit/9101e66f5761929002956e0f2dd65d7f8643903d ~~This MR also fixes the `scrollToElement` method in `MergeRequestTabs` to account for the extra height of the tab links which are now fixed in place once they are scrolled to the top of the screen.~~ (removed in favor of !7051) This MR also refactors much of the `Diff` and `MergeRequestTabs` classes to es6 syntax in an effort to increase readability. Check out both MR "change" tabs and commit diff pages and ensure that line highlighting works and that loading a page with one of these permalink hashes correctly highlights and scrolls to the line. Ensure I didn't break anything in the transition to es6 syntax. Check the functionality of the tabs on MR pages, as well as diff page interactivity (unfolding hidden lines in diff files, adding comments to diffs, etc). I have checked these myself, but another set of eyes would be a good idea. - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added - Tests - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if it does - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) Closes #23696 See merge request !7090
-
Kamil Trzciński authored
Fix pipeline author for Slack and use pipeline id for pipeline link [Context](https://gitlab.slack.com/archives/runner-builds/p1479238493000018) Pipeline Slack message: > gitlab-org/gitlab-ci-multi-runner: Pipeline 8bed2a3b of fix/handle-failed-state-while-patching-trace branch by failed in 1389 seconds Quotes: > @godfat Take a look at these notifications, they seems to be missing author and should probably use Pipeline ID instead of SHA See merge request !7506
-
- 02 Dec, 2016 6 commits
-
-
Alejandro Rodríguez authored
-
Alejandro Rodríguez authored
[ci skip]
-
Alejandro Rodríguez authored
-
Rémy Coutable authored
Fixes ActionView::Template::Error: undefined method `text?` for nil:NilClass Closes #25251 See merge request !7893
-
Sean McGivern authored
Fix URL rewritting in the Help section Closes #25199 See merge request !7875
-
Sean McGivern authored
Fix GitHub importer to import PR where source repo/fork was renamed/deleted Closes #24594 See merge request !7865
-