`User#starred_projects` doesn't perform any visibility checks. This has
a couple of problems:

1. It assumes a user can always view all of their starred projects in
   perpetuity (project not changed to private, access revoked, etc.).
2. It assumes that we'll only ever allow a user to star a project they
   can view. This is currently the case, but bugs happen.

Add `User#viewable_starred_projects` to filter the starred projects by
those the user either has explicit access to, or are public or
internal. Then use that in all places where we list the user's starred
projects.

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Hide navbar on mobile

Part of  #14838    
Closes #17323    

<img src="/uploads/33d2dbc17e94329891108c4e80d4aff3/nav.gif" width="800px">

See merge request !4103

Support multi-line tag messages

_Originally opened at !2853 by @clns._

- - -

Tag messages in Git can include a short summary of what changes are included in a release and any other relevant information. So I think GitLab should support multi-line tag messages, both in the "New Tag" interface and when viewing the tag.

Also a non-technical user could use GitLab's interface to create releases, but at the moment this is impossible because he cannot enter a multi-line message. This would've been very handy, otherwise he would need to do it from the command line or other GUI program, which is not something a non-technical user has access to or knows how to do.

This merge request adds support for multi-line tag messages. Below are the impacted screens. Let me know if I should change anything.

This would close #3690 and #2460

![image](/uploads/d33bede1141bfb10c5d9c301ee1cb0ec/image.png)
![image](/uploads/ebfea358c1a5986e7b95ad31748f7a6a/image.png)

See merge request !3833

Revert "Merge branch 'wiki-fix' into 'master'"

This reverts commit 4cc85a58 (!4026), reversing
changes made to 90ae445b.

From https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4026#note_11719950:

>  1. On Ruby 2.1.x, the [`uri.path = ::File.join(project_wiki_base_path, uri.path)`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/banzai/filter/wiki_link_filter.rb#L39) raises an `URI::InvalidComponentError: bad component(expected relative path component): http://bar.com/baz` error in `Banzai::Filter::WikiLinkFilter#rebuild_wiki_uri`, which is then rescued in [`Banzai::Filter::WikiLinkFilter#process_link_attr`](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/banzai/filter/wiki_link_filter.rb#L34), thus the link is not modified and the tests pass.
1. On Ruby 2.2.x, the same line doesn't raise an error anymore, thus tests are broken on Ruby 2.2 only. I didn't really understand yet why having absolute links in the wiki would break some tests vs having relative links as before, but I think the safest course to action is to revert this MR and to find another fix (probably just prepending `ProjectWiki#wiki_base_path` with the relative URL path component if we are in the case of a relative URL...
/cc @artem-sidorenko

Just a FYI note: no need to pick into `8-7-stable` since the original commit was not picked.

See merge request !4105

Signed-off-by: Rémy Coutable <remy@rymai.me>

Remove the annotate gem and delete old annotations

In 8278b763 the default behaviour of annotation
has changes, which was causing a lot of noise in diffs. We decided in #17382
that it is better to get rid of the whole annotate gem, and instead let people
look at schema.rb for the columns in a table.

Fixes: #17382 

/cc @yorickpeterse 

See merge request !4099

This reverts commit 4cc85a58, reversing
changes made to 90ae445b.
Signed-off-by: Rémy Coutable <remy@rymai.me>

Allow Redmine issue references to work as intended

Closes #14527 and #14894 

See merge request !4048

Use a case-insensitive check to compare URI schemes

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17299

See merge request !1965

Revert "Merge branch 'patch-1' into 'master'"

This reverts merge request !4030. /cc @stanhu @axil @aral

See merge request !4097

Closes #1625

Fix adding a todo for private group memebers



See merge request !4081

Add if exists to drop command

Add `IF EXISTS` as a precaution. Related to gitlab-org/gitlab-ce!4020

See merge request !4100

In 8278b763 the default behaviour of annotation
has changes, which was causing a lot of noise in diffs. We decided in #17382
that it is better to get rid of the whole annotate gem, and instead let people
look at schema.rb for the columns in a table.

Fixes: #17382

Sanitize milestones and labels titles

fixes #15394 

See merge request !4046

This reverts merge request !4030

API: Expose Issue#user_notes_count and MergeRequest#user_notes_count

_Originally opened at !2954 by @cnam812._

- - -

Expose `Issue#user_notes_count` and `MergeRequest#user_notes_count` through the API.

See merge request !3126

Backport changes from gitlab-org/gitlab-ee!372

Mostly replaces several Spinach tests with RSpec Feature tests.

See merge request !4043

Don't read otp_secret_encryption_key from hardcoded path in models/user

Variable `Gitlab::Application.config.secret_key_base` is set in config/initializers/secret_token.rb. It's very bad practice to use hard-coded paths inside an application and really unnecessary in this case.

Mirror of https://github.com/gitlabhq/gitlabhq/pull/10311

See merge request !4044

Signed-off-by: Rémy Coutable <remy@rymai.me>

Added documentation on how to instrument methods

This will hopefully remove me as a single point of failure when it comes to adding instrumentation.

cc @axil @rspeicher 

See merge request !4035

Use the proper GitLab URL for links in Wiki

Fixes gitlab-org/gitlab-ce#17071

wiki links are proper compiled, e.g.
```
[same-level](same-level) -> <a href="same-level">same-level</a>
[sub-level](sub/level) -> <a href="sub/level">sub-level</a>
[upper-level](../upper-level) -> <a href="../upper-level">upper-level</a>
```

See merge request !4026

Remove `wall_enabled` field from Project



See merge request !4089

Improve multiple branch push performance by memoizing permission checking

See merge request !4091

Pass trusted_proxies to action_dispatch as IPAddrs instead of strings

Without this setting your own trusted_proxies does not work.

Fixes an issue introduce in: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3524

Fixes: https://gitlab.com/gitlab-org/gitlab-ce/issues/17004

See merge request !3970

If you attempt to push thousands of branches at once, the 60-second timeout
will occur because GitAccess checking does a lot of work to check if the
user has permission to push to a branch. This changes does two things:

1. Instead of making 1 DB query per branch push, use a memoized list of protected branches to check
2. Memoize what permissions the user has to perform on this project

On a test of 10,000 branch pushes, this prevents gitlab-shell from hitting the 60-second
timeout.

Closes #17225