- 30 Jun, 2016 1 commit
-
-
Douwe Maan authored
Fix privilege escalation issue with OAuth external users Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312 This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list. /cc @douwe See merge request !1975 (cherry picked from commit 5e6342b7)
-
- 29 Jun, 2016 6 commits
-
-
Robert Speicher authored
-
Yorick Peterse authored
Use update_columns to by_pass all the dirty code on active_record See merge request !4985 (cherry picked from commit ad09fcb5)
-
Yorick Peterse authored
Reduce overhead and optimize ProjectTeam#max_member_access performance See merge request !4973 (cherry picked from commit d33991f8)
-
Jacob Schatz authored
Fixes missing avatar on system notes Closes #17295 ![Screen_Shot_2016-06-27_at_12.50.50_PM](/uploads/b142226e608ccfe751a9b6059f57c9ec/Screen_Shot_2016-06-27_at_12.50.50_PM.jpg) See merge request !4954 (cherry picked from commit 9e8fdead)
-
Jacob Schatz authored
Removed fade when filtering results ## What does this MR do? Removes the `opacity` change when filtering results seeing as we now do `Turbolinks.visit` it isn't required. Best way to see issue - filter issues & then go back. Will still have opacity styling. See merge request !4932 (cherry picked from commit bef4294c)
-
Jacob Schatz authored
Fixed avatar alignment in new MR view ## What does this MR do? Fixes the alignment of the avatar in new MR view. Closes #19076 ## Screenshots (if relevant) ![Screen_Shot_2016-06-24_at_12.53.58](/uploads/fc94faf2e48f194852693b7ae79e8fa3/Screen_Shot_2016-06-24_at_12.53.58.png) See merge request !4901 (cherry picked from commit 3611ee56)
-
- 28 Jun, 2016 11 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
-
Yorick Peterse authored
Use memorized tags array when searching tags by name See merge request !4859 (cherry picked from commit 9d0ef60d)
-
Rémy Coutable authored
Fix encrypted data backwards compatibility after upgrading attr_encrypted gem Adds missing attribute to attr_encrypted so it is fully backwards-compatible. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19073 See merge request !4963 (cherry picked from commit 2c3f3cb3)
-
Robert Speicher authored
Fix rendering of commit notes See merge request !4953 (cherry picked from commit 9c9b0eef)
-
Dmitriy Zaporozhets authored
Resolve "Pin should show up at 1280px min" Decreased window min width for pinned sidebar Closes #19171 Part of #19200 ![Screen_Shot_2016-06-27_at_9.36.13_AM](/uploads/d0a87bca5af1bee808c5b1046c0ecf72/Screen_Shot_2016-06-27_at_9.36.13_AM.png) See merge request !4947 (cherry picked from commit bbbd0e6c)
-
Dmitriy Zaporozhets authored
Switched mobile button icons to ellipsis and angle ## What does this MR do? Switches the mobile button icons ## What are the relevant issue numbers? Closes #19170 Part of #19200 ## Screenshots (if relevant) ![Screen_Shot_2016-06-27_at_9.08.28_AM](/uploads/7784489402e342e671d02b24d2ea0d64/Screen_Shot_2016-06-27_at_9.08.28_AM.png) See merge request !4944 (cherry picked from commit abc6004f)
-
Robert Speicher authored
Correctly return todo ID after creating todo See merge request !4941 (cherry picked from commit 21842cf9)
-
Rémy Coutable authored
Better debugging for memory killer middleware This adds more info to the warning messages output by `MemoryKiller`. Previously only the PID was showed, making it difficult to debug issues like https://gitlab.com/gitlab-org/gitlab-ce/issues/19124 This adds the worker class and job ID to the log messages. See merge request !4936 (cherry picked from commit 3659992c)
-
Fatih Acet authored
Remove duplicate new page btn from edit wiki ## What does this MR do? Removes duplicate button on wiki page ## What are the relevant issue numbers? Closes #19075 ## Screenshots (if relevant) ![Screen_Shot_2016-06-24_at_9.45.28_AM](/uploads/8dca96c3e75b428d63acaaba6dede9a6/Screen_Shot_2016-06-24_at_9.45.28_AM.png) ![Screen_Shot_2016-06-24_at_9.45.57_AM](/uploads/e6ea97b07e48d2fe6f108d8c5a943583/Screen_Shot_2016-06-24_at_9.45.57_AM.png) See merge request !4904 (cherry picked from commit 121c5c83)
-
Robert Speicher authored
Use clock_gettime for all performance timestamps This MR adjusts the performance monitoring code to use `Process.clock_gettime` (thus `clock_gettime(3)`) instead of `Time.now`. Using `Time.now` / `Time.new` adds more overhead than `Process.clock_gettime`, it also doesn't provide a way of getting timestamps in nanoseconds (which `Process.clock_gettime` does allow). See merge request !4899 (cherry picked from commit 53ad9522)
-
- 27 Jun, 2016 6 commits
-
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
-
Stan Hu authored
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml ## What does this MR do? Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) Fixes #19206 See merge request !4951
-
Robert Speicher authored
Fix visibility of snippets when searching Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997 See merge request !1972
-
Robert Speicher authored
Fix an information disclosure when requesting access to a group containing private projects Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19102. The commit speaks for itself: Fix an information disclosure when requesting access to a group containing private projects The issue was with the `User#groups` and `User#projects` associations which goes through the `User#group_members` and `User#project_members`. Initially I chose to use a secure approach by storing the requester's user ID in `Member#created_by_id` instead of `Member#user_id` because I was aware that there was a security risk since I didn't know the codebase well enough. Then during the review, we decided to change that and directly store the requester's user ID into `Member#user_id` (for the sake of simplifying the code I believe), meaning that every `group_members` / `project_members` association would include the requesters by default... My bad for not checking that all the `group_members` / `project_members` associations and the ones that go through them (e.g. `Group#users` and `Project#users`) were made safe with the `where(requested_at: nil)` / `where(members: { requested_at: nil })` scopes. Now they are all secure. See merge request !1973
-
Rémy Coutable authored
Remove duplicate changelog entry ## What does this MR do? Removes a changelog entry from 8.9.1, which is only present in 8.10 See merge request !4937
-
- 26 Jun, 2016 2 commits
-
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
[ci skip]
-
- 25 Jun, 2016 1 commit
-
-
Robert Speicher authored
-
- 24 Jun, 2016 7 commits
-
-
Stan Hu authored
Add SMTP as default delivery method to match gitlab-org/omnibus-gitlab!826 Something happened after upgrading to 8.9RC5 that caused mail settings to be set to sendmail by default. gitlab-com/infrastructure#128 describes the issue in more detail. This MR mirrors the change in omnibus with gitlab-org/omnibus-gitlab!826. Closes #19132 See merge request !4915
-
Stan Hu authored
Fix a wrong MR status when merge_when_build_succeeds & project.only_allow_merge_if_build_succeeds are true ## What does this MR do? Fix a wrong MR status when merge_when_build_succeeds & project.only_allow_merge_if_build_succeeds are true. ## Are there points in the code the reviewer needs to double check? @stanhu I reused your proposal from the issue, I think it's a good enough solution. ## What are the relevant issue numbers? Fixes #19035. ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4912
-
Robert Speicher authored
[ci skip]
-
Yorick Peterse authored
Eager load award emoji on notes and participants See merge request !4628
-
Rémy Coutable authored
Fix temp file being deleted after the request while importing a GitLab project Fixes https://gitlab.com/gitlab-com/infrastructure/issues/151 In production, the temporary uploaded file is getting deleted straight after the request so the Sidekiq worker is unable to find it in `/tmp` Also, improved erroring/logging of this situation. See merge request !4894
-
Jacob Schatz authored
Remove width restriction for logo on sign-in page. Follow-up on !4661 since we didn't remove the width restriction on that. See merge request !4888
-
Yorick Peterse authored
Support for rendering/redacting multiple documents See merge request !4828
-
- 23 Jun, 2016 6 commits
-
-
Jacob Schatz authored
Resolve "Scrolling horz on iOS for the secondary nav is broken" ## What does this MR do? Moves absolutely positioned `div`s outside of the scrolling container because mobile safari causes those elements to jump around on scroll. ## Are there points in the code the reviewer needs to double check? Check on a real iPhone (was only able to check in iOS simulator) ## Why was this MR needed? Mobile Safari. ## What are the relevant issue numbers? Closes #18438 ## Screenshots (if relevant) ![mobile-safari-fix](/uploads/b38bba735530eb11507fe03036292dd8/mobile-safari-fix.gif) See merge request !4869
-
Jacob Schatz authored
Apply selected value as label ## What does this MR do? ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? ## What are the relevant issue numbers? ## Screenshots (if relevant) ![dropdown-label](/uploads/db2ea7cb3cc51fbdeea53c304f1bd7a5/dropdown-label.gif) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4886
-
Stan Hu authored
Bump gitlab_git to 10.2.3 to fix false truncated warnings with ISO-8559 files Closes #18690 See merge request !4884
-
Robert Speicher authored
Restore old behavior around diff notes to outdated discussions Fixes #18569 See merge request !4870
-
Jacob Schatz authored
Fix unwanted label unassignment ## What does this MR do? - When updating the milestone - [x] Do not remove labels when assigning a milestone - [x] Do not remove labels when unassigning a milestone - [x] Do not remove labels when assigning a milestone and adding another label - When toggling selected issues labels should be kept - [x] Select an issue with an assigned label -> pick another label from dropdown-> unselect the issue -> select the issue again -> submit the form: Existing label should not be removed. ## Are there points in the code the reviewer needs to double check? Labels should not be added or removed to issues when doing bulk actions unless we explicitly select a label from the dropdown ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4863
-
Robert Speicher authored
[ci skip]
-