- 30 Jun, 2016 2 commits
-
-
Lin Jen-Shin authored
There's little point to cut that down.
-
Lin Jen-Shin authored
Feedback from: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4961#note_12794221
-
- 29 Jun, 2016 1 commit
-
-
Lin Jen-Shin authored
If we're using `can?` it would look weird to use 409
-
- 28 Jun, 2016 6 commits
-
-
Lin Jen-Shin authored
-
Lin Jen-Shin authored
-
Lin Jen-Shin authored
And show information about locked status. Help! This looks bad :o
-
Lin Jen-Shin authored
Because invalid actions shouldn't be shown on the page.
-
Lin Jen-Shin authored
The regression was introduced by: https://gitlab.com/gitlab-org/gitlab-ce/commit/1b8f52d9206bdf19c0dde04505c4c0b1cf46cfbe I did that because there's a test specifying that a shared runner cannot be enabled, in the API. So I assume that is the case for non-admin, but admins should be able to do so anyway. Also added a test to make sure this won't regress again. Closes #19039
-
- 27 Jun, 2016 31 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
Rename Licenses API to License Templates API ## What does this MR do? Earlier I renamed this in EE, thinking license templates was an EE-only feature. This backports that change to CE. Thanks to @vsizov for pointing out this error. See https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/400 for the EE merge request. See merge request !4957
-
Drew Blessing authored
-
Douwe Maan authored
Check for conflict with wiki projects when creating a new project. ## What does this MR do? Check for conflict with wiki projects when creating a new project ## Are there points in the code the reviewer needs to double check? No ## Why was this MR needed? To avoid exposing the information from the wiki repository of other project ## What are the relevant issue numbers? #18398 ## Screenshots (if relevant) ![Screen_Shot_2016-06-24_at_6.03.49_PM](/uploads/7bf55e5159bf0c2b653b8f4f941f72fc/Screen_Shot_2016-06-24_at_6.03.49_PM.png) ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [x] Added for this feature/bug - [x] All builds are passing - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4918
-
Robert Speicher authored
Fix visibility of snippets when searching Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18997 See merge request !1972
-
Robert Speicher authored
Fix an information disclosure when requesting access to a group containing private projects Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19102. The commit speaks for itself: Fix an information disclosure when requesting access to a group containing private projects The issue was with the `User#groups` and `User#projects` associations which goes through the `User#group_members` and `User#project_members`. Initially I chose to use a secure approach by storing the requester's user ID in `Member#created_by_id` instead of `Member#user_id` because I was aware that there was a security risk since I didn't know the codebase well enough. Then during the review, we decided to change that and directly store the requester's user ID into `Member#user_id` (for the sake of simplifying the code I believe), meaning that every `group_members` / `project_members` association would include the requesters by default... My bad for not checking that all the `group_members` / `project_members` associations and the ones that go through them (e.g. `Group#users` and `Project#users`) were made safe with the `where(requested_at: nil)` / `where(members: { requested_at: nil })` scopes. Now they are all secure. See merge request !1973
-
Robert Speicher authored
Use `have_http_status` matcher where possible See merge request !4955
-
Robert Speicher authored
Fix rendering of commit notes See merge request !4953
-
Ruben Davila authored
This fix avoids exposing the information from the wiki repository of other project.
-
Z.J. van de Weg authored
-
Jacob Schatz authored
Made the search bar on emoji menu sticky ## What does this MR do? When scrolling down the emoji menu, the search bar disappears. For better UX, the search bar no stays at the top when scrolling. ## Screenshots (if relevant) ![emoji-sticky](/uploads/a5b4773547d3d67342ddcfc07c8f1568/emoji-sticky.gif) See merge request !4743
-
Douwe Maan authored
-
Douwe Maan authored
-
Stan Hu authored
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml ## What does this MR do? Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) Fixes #19206 See merge request !4951
-
Robert Speicher authored
Correctly return todo ID after creating todo See merge request !4941
-
Fatih Acet authored
Remove duplicate new page btn from edit wiki ## What does this MR do? Removes duplicate button on wiki page ## What are the relevant issue numbers? Closes #19075 ## Screenshots (if relevant) ![Screen_Shot_2016-06-24_at_9.45.28_AM](/uploads/8dca96c3e75b428d63acaaba6dede9a6/Screen_Shot_2016-06-24_at_9.45.28_AM.png) ![Screen_Shot_2016-06-24_at_9.45.57_AM](/uploads/e6ea97b07e48d2fe6f108d8c5a943583/Screen_Shot_2016-06-24_at_9.45.57_AM.png) See merge request !4904
-
Stan Hu authored
Mention gmake Fixes https://gitlab.com/gitlab-org/gitlab-workhorse/issues/46 See merge request !4945
-
Fatih Acet authored
Fix check for existence of New Branch button on Issue page ## What does this MR do? The condition in [`initCanCreateBranch`][initCanCreateBranch] mistakenly checks `$container` (the New Branch button) for falsy. However JQuery returns an empty array if no matching element was found, so this condition is never met. ## Why was this MR needed? The wrong condition causes: * `$.getJSON($container.data('path'))` to be called where `$container.data('path')` is `undefined` * in this case `$.getJSON` uses `location.href` * if the current page has a JSON representation, it is fetched and cached by browser and displayed the next time the page is visited (#17365) * otherwise "Failed to check if new branch can be created" is displayed (#17264) ## What are the relevant issue numbers? Fixes #17264 and #17365. [initCanCreateBranch]: https://gitlab.com/gitlab-org/gitlab-ce/blob/v8.8.4/app/assets/javascripts/issue.js.coffee#L102 See merge request !4630
-
Annabel Dunstone authored
-
Annabel Dunstone authored
-
Annabel Dunstone authored
-
Annabel Dunstone authored
-
Jacob Schatz authored
Revert Subresource Integrity pending a fix for Firefox's incorrect hashing implementation. Per the discussion in #18230, Firefox support is broken :( cc: @jschatz1 See merge request !4943
-
Phil Hughes authored
-
Patricio Cano authored
-
winniehell authored
-
Rémy Coutable authored
Better debugging for memory killer middleware This adds more info to the warning messages output by `MemoryKiller`. Previously only the PID was showed, making it difficult to debug issues like https://gitlab.com/gitlab-org/gitlab-ce/issues/19124 This adds the worker class and job ID to the log messages. See merge request !4936
-
Rémy Coutable authored
Image sizing ## What does this MR do? Limits image height to fit the screen. The wrapping div is so the image is guaranteed to be a block element without the link area growing to be larger than the image itself. ## Are there points in the code the reviewer needs to double check? Make sure this can't be done in a more performant or concise way with Banzai. ## Why was this MR needed? Images were displayed at their full resolution, which made it difficult to read issues when the image height was greater than the viewport height (see #18861). ## What are the relevant issue numbers? Fixes #18861. ## Screenshots (if relevant) Before: ![Screen_Shot_2016-06-20_at_3.25.26_PM](/uploads/158424375ade95adcd337ccd34c48747/Screen_Shot_2016-06-20_at_3.25.26_PM.png) After: ![Screen_Shot_2016-06-20_at_3.24.57_PM](/uploads/f1a3b5f6442e4e3b1067332a547fb1c8/Screen_Shot_2016-06-20_at_3.24.57_PM.png) ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [x] Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) cc: @jschatz1 @dzaporozhets @rspeicher See merge request !4810
-
Patricio Cano authored
-
James Lopez authored
-
Rémy Coutable authored
Test templates and GitLabCI parser againts each other ## What does this MR do? Test the available templates against the preprocessor and vice versa ## Are there points in the code the reviewer needs to double check? The dynamic creation of tests seems a little hacked. Is there a cleaner way? ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added -- Seems unneeded - [x] All builds are passing - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) See merge request !4898
-