- 09 Nov, 2016 4 commits
-
-
Robert Speicher authored
Respect project visibility settings in the contributions calendar This MR fixes a number of bugs relating to access controls and date selection of events for the contributions calendar Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23403 See merge request !2019 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Ensure external users are not able to clone disabled repositories. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788 See merge request !2017 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Fix for HackerOne XSS vulnerability in markdown This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153 See merge request !2015 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
disable markdown in comments when referencing disabled features fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548 This MR prevents the following references when tool is disabled: - issues - snippets - commits - when repo is disabled - commit range - when repo is disabled - milestones This MR does not prevent references to repository files, since they are just markdown links and don't leak information. See merge request !2011 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 08 Nov, 2016 2 commits
-
-
Drew Blessing authored
It was previously possible for invalid credential errors to go unnoticed in this task. Users would believe everything was configured correctly and then sign in would fail with 'invalid credentials'. This adds a specific bind check, plus catches errors connecting to the server. Also, specs :)
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 07 Nov, 2016 3 commits
-
-
tiagonbotelho authored
reactivates all tests and writes more tests for it
-
Douwe Maan authored
email token be reset
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 04 Nov, 2016 1 commit
-
-
Jacob Vosmaer authored
-
- 03 Nov, 2016 2 commits
-
-
Douwe Maan authored
Fix symlink vulnerability in Import/Export Replaces https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2018 made by @james Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23822 See merge request !2022 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Fix Import/Export foreign key issue to do with project members Cleans-up any foreign keys in `ProjectMember` - same as we do with the rest of the models when importing. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23837 and https://gitlab.com/gitlab-org/gitlab-ce/issues/23739 See merge request !2020 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 01 Nov, 2016 3 commits
-
-
Felipe Artur authored
-
panjan authored
Fixes: https://gitlab.com/gitlab-org/gitlab-ce/issues/18096
-
Kamil Trzcinski authored
Due to different way of handling owners of a project, they were not allowed to fetch CI sources for project.
-
- 28 Oct, 2016 1 commit
-
-
Ahmad Sherif authored
-
- 27 Oct, 2016 2 commits
-
-
Ahmad Sherif authored
-
Kamil Trzcinski authored
-
- 26 Oct, 2016 3 commits
-
-
Kamil Trzcinski authored
-
Kamil Trzcinski authored
-
Gabriel Mazetto authored
-
- 25 Oct, 2016 1 commit
-
-
Yorick Peterse authored
This changes ProjectCacheWorker.perform_async so it only schedules a job when no lease for the given project is present. This ensures we don't end up scheduling hundreds of jobs when they won't be executed anyway.
-
- 24 Oct, 2016 2 commits
-
-
winniehell authored
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 20 Oct, 2016 1 commit
-
-
Lin Jen-Shin authored
Closes #23208
-
- 19 Oct, 2016 8 commits
-
-
James Lopez authored
Fixed all related specs and also changed the logic to handle edge cases. This includes exporting and exporting of group labels, which will get associated with the new group (if any) or they will become normal project labels otherwise. Found other issues to do with not being able to import all labels at once in the beginning of the JSON - code was much simpler when we import all labels and milestones associated to a project first, then the associations will find the already created labels instead of creating them from the associations themselves.
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
James Lopez authored
-
James Lopez authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Felipe Artur authored
-
- 18 Oct, 2016 4 commits
-
-
Sean McGivern authored
These were introduced in: <https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/645>
-
the-undefined authored
Ensure that external URLs with non-lowercase protocols will be attributed with 'nofollow noreferrer' and open up in a new window. Covers the edge cases to skip: - HTTPS schemes - relative links Closes #22782
-
amaia authored
-
Kamil Trzcinski authored
-
- 17 Oct, 2016 3 commits
-
-
Kamil Trzcinski authored
-
Felipe Artur authored
-
Kamil Trzcinski authored
-