- 28 Sep, 2016 3 commits
-
-
Douwe Maan authored
API: disable rails session auth for non-GET/HEAD requests Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22435 See merge request !1999 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Set a restrictive CORS policy for the API Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22450 See merge request !1998 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Enforce the fork_project permission in Projects::CreateService Projects::ForkService delegates to this service almost entirely, but needed one small change so it would propagate create errors correctly. CreateService#execute needs significant refactoring; it is now right at the complexity limit set by Rubocop. I avoided doing so in this commit to keep the diff as small as possible. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/18028 See merge request !1996 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 19 Sep, 2016 2 commits
-
-
Rémy Coutable authored
-
Rémy Coutable authored
Allow the Rails cookie to be used for API authentication Makes the Rails cookie into a valid authentication token for the Grape API, and uses it instead of token authentication in frontend code that uses the API. Rendering the private token into client-side javascript is a security risk; it may be stolen through XSS or other attacks. In general, re-using API code in the frontend is more desirable than implementing endless actions that return JSON. Closes #18302 See merge request !1995 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 14 Sep, 2016 3 commits
-
-
Rémy Coutable authored
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Exclude some pending or inactivated rows in Member scopes An unapproved request or not-yet-accepted invite should not give access rights. Neither should a blocked user be considered a member of anything. One visible outcome of this behaviour is that owners and masters of a group or project may be blocked, yet still receive notification emails for access requests. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/21650 See merge request !1994 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 19 Aug, 2016 2 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
Update doorkeeper to 4.2.0 Changelog: https://git.io/v6PnV See merge request !5881 (cherry picked from commit c5aa31c8)
-
- 16 Aug, 2016 3 commits
-
-
Robert Speicher authored
-
Douwe Maan authored
Set permissions to admin for importing a project via Import/Export Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/20802 In order to import a project, it is now required to be an admin Moved from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5766 See merge request !1983 (cherry picked from commit 966b3038)
-
Robert Speicher authored
[ci skip]
-
- 15 Aug, 2016 1 commit
-
-
Robert Speicher authored
Upgrade Rails to 4.2.7.1 for security fixes. Upgrades Rails from 4.2.7 to 4.2.7.1 for security fixes. For more information: http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/ This should be backported to all currently-supported releases. See merge request !5781
-
- 11 Jul, 2016 2 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
Fix problems with events under notes importing GitLab projects Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19588 See merge request !5154 (cherry picked from commit 734e44ee)
-
- 10 Jul, 2016 3 commits
-
-
Robert Speicher authored
Fix commit avatar alignment in compare view Closes #19567 See merge request !5128 (cherry picked from commit df49492f)
-
Rémy Coutable authored
Fix log statements in import/export Fixes - as seen in the logs:

```
Import/Export error raised on /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/import_export/file_importer.rb:19:in `rescue in import': undefined method `message' for #<String:0x007fc45e977e10>
```

See merge request !5129 (cherry picked from commit 3c89a788)
-
Robert Speicher authored
Fix broken migration in MySQL `keys` is a reserved name in MySQL, so if this migration actually attempted to remove any duplicate keys it would fail. Closes #19344 See merge request !5005 (cherry picked from commit e82c72d1)
-
- 06 Jul, 2016 15 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
-
Rémy Coutable authored
Add more debug info to import/export and memory killer This should help debug https://gitlab.com/gitlab-org/gitlab-ce/issues/19124 further See merge request !5108 (cherry picked from commit b73da895)
-
Phil Hughes authored
-
Douwe Maan authored
Fix diff comments not showing up in activity feed ## What does this MR do? It fixes the detection of note events to check for `Note` and `LegacyDiffNote`. ## Are there points in the code the reviewer needs to double check? No? /cc @DouweM (since I believe you introduced `LegacyDiffNote`) ## Why was this MR needed? To fix #19092. ## What are the relevant issue numbers? Fixes #19092. ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !5069 (cherry picked from commit b5b17d00)
-
Yorick Peterse authored
Add index on both Award Emoji user and name See merge request !5061 (cherry picked from commit c85092ac)
-
Robert Speicher authored
Downgrade to Redis 3.2.2 due to massive memory leak with Sidekiq This affects GitLab 8.8 and 8.9. See: * https://github.com/mperham/sidekiq/blob/master/Changes.md#413 * https://gitlab.com/gitlab-org/gitlab-ce/issues/19441 See merge request !5056 (cherry picked from commit 4b0bd4f8)
-
Fatih Acet authored
Re-enable import button when import process fails due to the namespace already being taken Closes #19435 ## Screenshots (if relevant) Before: ![1](/uploads/e8de1b326e0751891f667630a7685f6a/1.png)<br/><br/> After: ![2](/uploads/566f1fd5442c28232350689fce8eae76/2.png) See merge request !5053 (cherry picked from commit d6efef0f)
-
Rémy Coutable authored
Fix snippets comments not displayed ## What does this MR do? Fix an issue where comments body were not displayed for project snippets anymore (see commit for details). ## Are there points in the code the reviewer needs to double check? No. ## Why was this MR needed? Because of #19388. ## What are the relevant issue numbers? Fixes #19388. ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [ ] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !5045 (cherry picked from commit b2273559)
-
Stan Hu authored
Fix emoji paths in relative root configurations ## What does this MR do? If a site specifies a relative URL root, emoji files would omit the path from the URL, leading to lots of 404s. ## Are there points in the code the reviewer needs to double check? At first, I tried to use `ActionView::Helpers::AssetUrlHelper.asset_url` since this is what it's intended to do. But this helper function is extremely slow, and it took minutes to generate the URLs for the hundreds of links needed for each emoji. ## Why was this MR needed? Because emojis were broken in relative URL installations ## What are the relevant issue numbers? #15642 ## Does this MR meet the acceptance criteria? - [X] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [X] Added for this feature/bug - [x] All builds are passing - [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [X] Branch has no merge conflicts with `master` (if you do - rebase it please) - [X] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !5027 (cherry picked from commit 88dbc4d1)
-
Rémy Coutable authored
Fixing problems with events for import/export Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19202 A couple of issues related to target being missing in exported `Events` (as being polymorphic and not have `ActiveRecord` relationships is a bit more tricky than normal models) plus as the export was in JSON, the import retrieves hashed fields as stringified hashes and not symbolized - so fixed that as well, which was the cause of https://gitlab.com/gitlab-org/gitlab-ce/issues/19202 Also fixed / refactored tests :simpl Import/Export Version has been bumped to 0.1.1 as these changes to events won't work very well with old exports - forcing users to generate a new export in the new version. See merge request !4987 (cherry picked from commit c368cb60)
-
Fatih Acet authored
Fixed 'use shortcuts' button on docs ## What does this MR do? Exposes `onToggleHelp()` to window object through `showHelp()` so a help panel can be toggled globally using `showHelp()`. ## Are there points in the code the reviewer needs to double check? Is this the best implementation? I actually think this is tidier than doing something like `onclick="new Shortcuts().onToggleHelp"` or `$.trigger 'keydown', char: '?'` but let me know. ## Why was this MR needed? Docs UX ## What are the relevant issue numbers? Closes #19157. ## Screenshots (if relevant) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) Closes #19157 See merge request !4979 (cherry picked from commit 48843c0d)
-
Rémy Coutable authored
Admin should be able to turn shared runners into specific ones: ## What does this MR do? Make sure admins could turn shared runners into specific runners. ## Are there points in the code the reviewer needs to double check? Is this the desired behaviour? ## Why was this MR needed? Closes #19039 Closes #19272 ![Screen_Shot_2016-06-30_at_9.30.05_PM](/uploads/97eb3b4923fd4e498b1f8ca70b1345c8/Screen_Shot_2016-06-30_at_9.30.05_PM.png) See merge request !4961 (cherry picked from commit b569f842)
-
Stan Hu authored
Update RedCloth to 4.3.2 for CVE-2012-6684 ## What does this MR do? To fix XSS (CVE-2012-6684), upgrade RedCloth to 4.3.2. ## Are there points in the code the reviewer needs to double check? No. ## Why was this MR needed? Security vulnerability in RedCloth (CVE-2012-6684) should be fixed to provide GitLab as a secure software. ## What are the relevant issue numbers? Closes #19169 cf. !2037, !2071 ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [n/a] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [n/a] API support added - Tests - [n/a] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4929 (cherry picked from commit 95336861)
-
Rémy Coutable authored
Improve the request / withdraw access button It implements the design proposed in #18310. No. To close #18310. Closes #18310. | Medium | Large | | ----------- | ------- | | ![request_access_button](/uploads/a1de370dcbb8ac9a63d2df5c68591db7/request_access_button.png) | ![request_access_button-large](/uploads/0a1c70380268e620a6ca4d3e1661d58c/request_access_button-large.png) | | Medium | Large | | ----------- | ------- | | ![withdraw_access_request_button](/uploads/c9df39d04b61566ec143d5e9cc43ada2/withdraw_access_request_button.png) | ![withdraw_access_request_button-large](/uploads/10fdaa94d72956e06bdb995e65b51472/withdraw_access_request_button-large.png) | | Medium | Large | | ----------- | ------- | | ![request_access_button](/uploads/8e71395041a5cea996a35df2083bb723/request_access_button.png) | ![project-request_access_button-large](/uploads/adb2dec0eccec8e5171dc0e26e6b03a6/project-request_access_button-large.png) | | Medium | Large | | ----------- | ------- | | ![withdraw_access_request_button](/uploads/12be06f0a2bf9426a5e043f52c4d1dab/withdraw_access_request_button.png) | ![project-withdraw_access_request_button-large](/uploads/93fda7767ee5f02186c4c954ea346254/project-withdraw_access_request_button-large.png) | - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - Tests - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4860 (cherry picked from commit c578fb06)
-
- 05 Jul, 2016 2 commits
-
-
Rémy Coutable authored
Merge branch 'doc-mysql-priv' into 'master' ## What does this MR do? Update missing mysql user permissions. ## Why was this MR needed? This should also be in the `8-9-stable` branch. See merge request !5086
-
Achilleas Pipinellis authored
Add missing privileges to MySQL database Closes gitlab-org/gitlab-ce#19321 See merge request !5079
-
- 30 Jun, 2016 4 commits
-
-
Robert Speicher authored
-
Jacob Schatz authored
Updated breakpoint for sidebar pinning Updates the breakpoint for sidebar pinning to 1024px. Think we will have the same issue as before when picking into stable with `$window` not being defined. See merge request !5019 (cherry picked from commit c5d164d1)
-
Jacob Schatz authored
Expiry date on pinned nav cookie Adds an expiry date far into the future for the pinned nav cookie so that it survives logout & browser closing. See merge request !5009 (cherry picked from commit 73196fbd)
-
Robert Speicher authored
Handle external issues in IssueReferenceFilter Rendering issue references such as `#1` was broken for projects using an external issues tracker. See gitlab-org/gitlab-ce#19036 See merge request !4988 (cherry picked from commit 6e82c0e0)
-