- 09 Nov, 2016 8 commits
-
-
Sean McGivern authored
Integrate CI emails into notification system Closes #21930 See merge request !6342
-
Rémy Coutable authored
[ci skip] Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Alejandro Rodriguez authored
Restore unauthenticated access to public container registries Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24284 See merge request !2025 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Robert Speicher authored
Respect project visibility settings in the contributions calendar This MR fixes a number of bugs relating to access controls and date selection of events for the contributions calendar Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23403 See merge request !2019 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Ensure external users are not able to clone disabled repositories. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788 See merge request !2017 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Fix for HackerOne XSS vulnerability in markdown This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153 See merge request !2015 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
disable markdown in comments when referencing disabled features fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548 This MR prevents the following references when tool is disabled: - issues - snippets - commits - when repo is disabled - commit range - when repo is disabled - milestones This MR does not prevent references to repository files, since they are just markdown links and don't leak information. See merge request !2011 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Honour issue and merge request visibility in their respective finders This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private". Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481 See merge request !2000
-
- 08 Nov, 2016 32 commits
-
-
Annabel Dunstone Gray authored
24146 Add focus state to buttons and dropdowns ## What does this MR do? Adds focus state to buttons and dropdowns ## Are there points in the code the reviewer needs to double check? All focus states of buttons and dropdowns :) ## Why was this MR needed? Improve accessibility ## Screenshots (if relevant) Before: ![Screen_Shot_2016-11-07_at_4.30.31_PM](/uploads/8db2ac5e225c78495797180faf7bdb28/Screen_Shot_2016-11-07_at_4.30.31_PM.png) After: ![Screen_Shot_2016-11-07_at_4.30.16_PM](/uploads/4a81810cafe3063eef02b7bc87f8ce69/Screen_Shot_2016-11-07_at_4.30.16_PM.png) ## Does this MR meet the acceptance criteria? - [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if it does - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #24146 See merge request !7347
-
Achilleas Pipinellis authored
Bring back the old JIRA docs ## What does this MR do? Bring back the old JIRA docs ## Why was this MR needed? https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6598 introduced new JIRA settings, but that's not yet released. Since our documentation is currently built using the master branch, users are having issues where the docs show different settings than what GitLab's latest stable release supports. ## What are the relevant issue numbers? https://gitlab.zendesk.com/agent/tickets/48003 See merge request !7365
-
Fatih Acet authored
Improved build page scroll UX ## What does this MR do? This MR smoothes the UX of the builds page by more effectively affixing the scroll step buttons. It also ensures the scroll step buttons are always in view, even if the sidemenu is open. It also moves the autoscroll button into the same container as the scroll buttons. ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? The build scroll buttons are always in unpredictable places and are often hidden behind sidemenus. ## Screenshots (if relevant) ![2016-09-08_17.43.58](/uploads/49cb9ad5ef2764453afaa405af7111b2/2016-09-08_17.43.58.gif) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Contributes #21832 See merge request !6270
-
Achilleas Pipinellis authored
https://gitlab.zendesk.com/agent/tickets/48003 [ci skip]
-
Fatih Acet authored
Replace jQuery.timeago with timeago.js ## What does this MR do? Replaces jQuery.timeago with [timeago.js](https://github.com/hustcc/timeago.js) ## Are there points in the code the reviewer needs to double check? * Check to make sure its working everywhere
😄 * Check to make sure the timeago wording matches what we have now (I think I've got this down but an extra pair of👀 would help too) ## Why was this MR needed? * The jQuery.timeago version we have is outdated * timeago.js is smaller (7.19 KB => 4.52 KB) * timeago.js has no jQuery dependency * removes all inline javascript⚔ for timeago ## Screenshots (if relevant) None ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #21793 See merge request !6274 -
tauriedavis authored
-
Achilleas Pipinellis authored
Document the usage of the Docker OverlayFS driver Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/21596 See merge request !7361
-
Rémy Coutable authored
Apply `*_params_ce` pattern to ProjectsController See merge request !7338
-
Robert Speicher authored
Clicking "force remove source branch" label now toggles the checkbox again We remove the ID from the hidden tag for `merge_request[force_remove_source_branch]` in order to fix the checkbox toggling when the associated label is clicked. The issue was introduced by !7267 and discovered in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7267#note_18028311. See merge request !7356
-
Achilleas Pipinellis authored
[ci skip]
-
Lin Jen-Shin authored
* upstream/master: (70 commits) Fix routing spec for group controller Add small improvements to constrainers and specs Faster search Fix broken commits search Changed helper method to check for none on params Moved if statements around in view API: Return 400 when creating a systemhook fails Update non-exist group spinach test to match routing Bump omniauth-gitlab to 1.0.2 to fix incompatibility with omniauth-oauth2 Replace trigger with the new ID of the docs project Refactor method name 17492 Update link color for more accessible contrast Fixed todos empty state when filtering Refactor namespace regex implements reset incoming email token on issues modal and account page, reactivates all tests and writes more tests for it Use separate email-friendly token for incoming email and let incoming email token be reset Use the Gitlab Workhorse HTTP header in the admin dashboard Refactor project routing Fix 404 when visit /projects page Rewritten spinach git_blame tests to rspec feature tests Add tests for project#index routing ...
-
Sean McGivern authored
Faster search inside Project See merge request !7353
-
Sean McGivern authored
Fix new branch button spec Closes #24089. See merge request !7284
-
Dmitriy Zaporozhets authored
Refactor routing constraints ## What does this MR do? Refactors routing constraints ## Why was this MR needed? This refactoring make it possible to introduce nesting namespaces and project constrainer in future. ## What are the relevant issue numbers? Extracted from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7121/ See merge request !7327
-
Rémy Coutable authored
Fix broken commits search ## What does this MR do? Fixes commits search ## What are the relevant issue numbers? Closes #24255 See merge request !7339
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Fatih Acet authored
Move Ajax interceptor into describe block ## What does this MR do? Move registering the Vue resource interceptor for issue board mock data into the corresponding `describe` blocks. ## Why was this MR needed? Currently, the interceptor is registered for every test (which makes them at best fail for Ajax calls using Vue resource). See merge request !7304
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Dmitriy Zaporozhets authored
Refactor project routing ## What does this MR do? Refactor project routing: * split on multiple files * improve routing order ## Why was this MR needed? It makes it easier to maintain and modify project routing ## What are the relevant issue numbers? Extracted from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7121 See merge request !7329
-
Sean McGivern authored
Refactor namespace regex Reuse existing namespace regex constant in routing See merge request !7336
-
Yorick Peterse authored
Set default Sidekiq retries to 3 See merge request !7294
-
Dmitriy Zaporozhets authored
Refactor group routing ## What does this MR do? Refactor group routing: * separate controller actions from nested resources * prepare group routing for nested namespaces support ## Why was this MR needed? So when we introduce nested groups support we need to only change `:id` to `*id` ## What are the relevant issue numbers? Extracted from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7121 See merge request !7328
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Valery Sizov authored
-
Robert Speicher authored
Bump omniauth-gitlab to 1.0.2 to fix incompatibility with omniauth-oauth2 As noted in gitlab-com/support-forum#1270, omniauth-gitlab fails if omniauth-oauth2 is bumped to 1.4.0, OAuth2 quietly fails due to https://github.com/linchus/omniauth-gitlab/issues/10: ``` 21:26:04 rails-web.1 | I, [2016-11-07T21:26:04.245007 #56637] INFO -- omniauth: (gitlab) Callback phase initiated. 21:26:05 rails-web.1 | E, [2016-11-07T21:26:05.068009 #56637] ERROR -- omniauth: (gitlab) Authentication failure! invalid_credentials: OAuth2::Error, invalid_grant: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. ``` This was fixed and discussed here: * https://github.com/linchus/omniauth-gitlab/commit/26c47e55396205fab8439363c98136d0fde797f3 * https://github.com/linchus/omniauth-gitlab/issues/10 Bumping this version to 1.0.2 will ensure future compatibility. See merge request !7348
-
Douwe Maan authored
Use separate email-friendly token for incoming email See merge request !5914
-
Sean McGivern authored
Fixed todos empty state when filtering Closes #24127 See merge request !7334
-
Sean McGivern authored
Fix project index page See merge request !7331
-
Valery Sizov authored
-
Rémy Coutable authored
API: Return 400 when creating a systemhook fails Closes #23335 See merge request !7350
-