- 14 Jun, 2016 10 commits
-
-
Sean McGivern authored
Wiki files (not pages - files in the repo) are just sent to the browser with whatever content-type the mime_types gem assigns to them based on their extension. As this is from the same domain as the GitLab application, this is an XSS vulnerability. Set a CSP forbidding all sources for scripting, CSS, XHR, etc. on these files.
-
Douwe Maan authored
Add whitelisted elements correctly in sanitization

Consider this command:

```
bundle exec rails r "include GitlabMarkdownHelper
puts markdown('<span>this is a span</span>', pipeline: :description)
puts markdown('<span>this is a span</span>')"
```

And the same in the opposite order:

```
bundle exec rails r "include GitlabMarkdownHelper
puts markdown('<span>this is a span</span>')
puts markdown('<span>this is a span</span>', pipeline: :description)"
```

Before this change, they would both output:

```
<p><span>this is a span</span></p>
<p>this is a span</p>
```

That's because `span` is added to the list of whitelisted elements in the `SanitizationFilter`, but this method tries not to make the same changes multiple times. Unfortunately, `HTML::Pipeline::SanitizationFilter::LIMITED`, which is used by the `DescriptionPipeline`, uses the same Ruby objects for all of its hash values _except_ `:elements`.

That means that whichever of `DescriptionPipeline` and `GfmPipeline` is called first would have `span` in its whitelisted elements, and the second wouldn't.

Fix this by adding a special check for modifying `:elements` twice, then checking `:transformers` as before.

See merge request !4588
-
Douwe Maan authored
Allow users to create confidential issues in private projects

Closes #14787

## What does this MR do?

Allow users to create confidential issues in private projects, and exclude access to them to project members with `Guest` role.

## Are there points in the code the reviewer needs to double check?

The query generated by the `User#authorized_projects` method.

## Why was this MR needed?

Community have been requesting this feature.

## What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ce/issues/14787
https://gitlab.com/gitlab-org/gitlab-ce/issues/3678

## Screenshots (if relevant)

Not relevant.

## Todo

- [x] Allow users to create confidential issues in private projects
- [x] Project members with `Guest` role should not have access to confidential issues
- [ ] ~~Apply changes in EE + Elasticsearch~~ Will be done in another MR, when this got merged

See merge request !3471
-
Rémy Coutable authored
Bamboo & TeamCity Services: Fix missing credentials & URL handling

_Note: Originally opened at !4367 by @bentolor_

I've also fixed the URL handling for TeamCity which is very similar to Bamboo implementation-wise.

-----

*Note:* This is a port from my [original pull request on GitHub](https://github.com/gitlabhq/gitlabhq/pull/9428)

## What does this MR do?

This improves the Bamboo Service and provides two fixes:

1. One for the situation, where the build trigger won't work because Bamboo is requiring authentication credentials for the trigger GET: 8f25aca307b49ee006172b8c2985a878800aa6b6
2. One which fixes the way how the configured Bamboo base URL is assembled to the final REST URL. fe9eb30d7ebe4a83eefea7e06f8b69b135dad15d

### Regarding credentials

The change now does provide additional HTTP Basic Auth parameters if user credentials were provided and appends a request parameter indicating the HTTP Basic Authentication should be used. This aligns interaction with Bamboo with the other calls this service executes.

### Regarding URL handling

If one had configured a `bamboo_url` like http://foo.bar/bamboo in the previous implementation the plugin directed its request i.e. to http://foo.bar/rest/... instead of http://foo.bar/bamboo/rest/...

## Are there points in the code the reviewer needs to double check?

The second issue was probably an unwanted side effect of how Ruby's `URI.join` is working. It will only work correctly, if

- ... the prefix URL has at least one or more trailing `/`
- .. the appendix parts are _not_ prefixed with `/`

I need to try & figure it out using the rather lacking, official stdlib documentation and playing around in `irb`. As I'm an absolute Ruby novice I'm unable to add/provide new tests.

## Why was this MR needed?

Because Gitlab does not work in our Bamboo-Environment at all: Neither it is able to trigger Bamboo runs nor does the Merge status check work. This MR at least fixes the trigger issues.

## What are the relevant issue numbers?

This MR originates from my [original pull request on GitHub](https://github.com/gitlabhq/gitlabhq/pull/9428). Sadly the issue, that the merge status is still not working correctly for branches will still not work. But at least the trigger works. There happened to be very much discussion about the branch status issue in #1355 and #2562 though that one is lost as the author retracted his branch.

See merge request !4408
-
Rémy Coutable authored
Add more information into RSS feed for issues

## What does this MR do?

This MR adds issue text, labels, milestone, assignee and due date into issues RSS feed.

## Are there points in the code the reviewer needs to double check?

#14572 requests to add 'weight' among other fields. Seems like issue weight is available in enterprise edition only so it is not implemented in this MR. Please correct me if I'm wrong.

## Why was this MR needed?

This MR is needed because it extends issues RSS feed with useful information requested in #14572.

## What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ce/issues/14572

See merge request !4158
-
Rémy Coutable authored
If one had configured a `teamcity_url` like http://foo.bar/teamcity in the previous implementation the plugin directed its request i.e. to http://foo.bar/httpAuth/... instead of http://foo.bar/teamcity/httpAuth/...

`URI.join` only works correctly, if the prefix URL has

- at least one or more trailing '/'
- the appended parts are _not_ prefixed with '/'

The current implementation should work with all sorts of TeamCity base URLs.

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Benjamin Schmid authored
If one had configured a `bamboo_url` like http://foo.bar/bamboo in the previous implementation the plugin directed its request i.e. to http://foo.bar/rest/... instead of http://foo.bar/bamboo/rest/...

`URI.join` only works correctly, if the prefix URL has

- at least one or more trailing '/'
- the appended parts are _not_ prefixed with '/'

The current implementation should work with all sorts of Bamboo base URLs.

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Benjamin Schmid authored
This improves the Bamboo Service and provides a fix for situations, where the build trigger won't work, because Bamboo is requiring authentication also for the trigger GET.

The change now does provide additional HTTP Basic Auth parameters if user credentials were provided and appends a request parameter indicating the HTTP Basic Authentication should be used. This aligns interaction with Bamboo with the other calls this service executes.

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Retry spinach tests in case of failure using rerun reporter

## What does this MR do?

Fixes Spinach tests to retry on tests on master

See merge request !4539
-
- 13 Jun, 2016 30 commits
-
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Robert Speicher authored
Remove deprecated issues_tracker and issues_tracker_id from project model Closes #3941 See merge request !4603
-
Douglas Barbosa Alexandre authored
-
Douglas Barbosa Alexandre authored
-
Robert Speicher authored
Update schema.rb for most recent migrations Fixes #18532 See merge request !4636
-
Douglas Barbosa Alexandre authored
The schema doesn’t reflect the changes of the last 3 migrations:

* 20160610140403_remove_notification_setting_not_null_constraints.rb
* 20160610201627_migrate_users_notification_level.rb
* 20160610301627_remove_notification_level_from_users.rb
-
Dmitriy Zaporozhets authored
Remove counters from Pipeline navigation

* counters are heavy from UI perspective
* duplicates information from tabs below
* shows 0 for less active projects. Jumps from 0 to N constantly.

I think we should render counters only when necessary and only for filters ( tabs on white bg ). Exception: issues, merge requests in top navigation as status of project popularity and action required from maintainers

cc @grzesiek @ayufan @jschatz1

See merge request !4617
-
Douwe Maan authored
Improve Gitlab::Auth method names Auth.find was a very generic name for a very specific method. Auth.find_in_gitlab_or_ldap was inaccurate in GitLab EE where it also looks in Kerberos. See merge request !4589
-
Robert Speicher authored
Enable Style/MultilineBlockChain rubocop style cop Avoid multi-line chains of blocks. See #17478. See merge request !4349
-
Robert Speicher authored
Update brakeman from 3.2.1 to 3.3.2 Removes a few dependencies. Changelog: https://github.com/presidentbeef/brakeman/blob/master/CHANGES See merge request !4627
-
Alexander Matyushentsev authored
-
Alexander Matyushentsev authored
-
Alexander Matyushentsev authored
-
Alexander Matyushentsev authored
-
Kamil Trzcinski authored
-
Kamil Trzciński authored
Fix typo causing related branches to Error 500 From Sentry: https://sentry.gitlap.com/gitlab/gitlabcom/issues/6154/ See merge request !4611
-
Jacob Schatz authored
Fixes bulk-assign label for multiple issues not having the same labels

## What does this MR do?

Fixes a bug when bulk-assigning a label to multiple issues while the label is present in on the issues on the selection.

## Screenshots (if relevant)

**Before Bugfix**

<img src="/uploads/ad1f290bcf3930177a3a71c69cbe5325/before-bugfix.gif" width="700"/>

**After Bugfix**

<img src="/uploads/1f04d6bf027806fb13ca3773febda744/bugfix.gif" width="700"/>

## Does this MR meet the acceptance criteria?

- [x] Tests
  - [x] Added for this feature/bug
  - [x] All builds are passing
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)

See merge request !4602
-
Rémy Coutable authored
Added when to artifacts

The syntax for this will be:

```
job:
  artifacts:
    when: on_failure
```

cc @grzesiek @tmaczukin

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/4034

See merge request !4201
-
Kamil Trzcinski authored
-
Rémy Coutable authored
Cache only apt and ruby from vendor

## What does this MR do?

Optimises caching mechanism when testing gitlab-ce/ee repositories.

See merge request !4619
-
Rémy Coutable authored
Instrument all Banzai::ReferenceParser classes

## What does this MR do?

This MR instruments all the classes in the `Banzai::ReferenceParser` namespace.

## Are there points in the code the reviewer needs to double check?

No.

## Why was this MR needed?

The classes in question weren't instrumented meaning we have no idea how they're performing in production.

## What are the relevant issue numbers?

None.

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- [ ] ~~API support added~~
- [ ] ~~Tests~~
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !4620
-
Jacob Vosmaer authored
-
Achilleas Pipinellis authored
Add guide on changing a document's location

## What does this MR do?

Add a documentation styleguide when changing a document's location.

## What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ce/issues/3349

See merge request !4624
-
Achilleas Pipinellis authored
Change to new Notes styleguide See merge request !4625
-
Achilleas Pipinellis authored
[ci skip]
-
Achilleas Pipinellis authored
[ci skip]
-
Rémy Coutable authored
Fix migration helper race conditions

## What does this MR do?

This MR fixes two problems with the migration helpers:

1. An error in `change_column_null` would not drop the previously created column
2. `update_column_in_batches` would rely on the number of rows in a table to determine how many to update. This meant that newly inserted rows (after the `COUNT`) would not be taken into account.

This MR also removes an outdated comment for `update_column_in_batches`.

## Are there points in the code the reviewer needs to double check?

No.

## Why was this MR needed?

See above.

## What are the relevant issue numbers?

Fixes #18483

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] ~~API support added~~
- [ ] Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !4618
-