- 09 Nov, 2016 1 commit
-
-
Stan Hu authored
-
- 08 Nov, 2016 1 commit
-
-
Douwe Maan authored
Fix for HackerOne XSS vulnerability in markdown

This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153

See merge request !2015

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 03 Nov, 2016 1 commit
-
-
Rémy Coutable authored
[ci skip] Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 02 Nov, 2016 1 commit
-
-
Robert Speicher authored
-
- 01 Nov, 2016 3 commits
-
-
James Lopez authored
-
James Lopez authored
-
Douwe Maan authored
Use Hash rocket syntax to fix cycle analytics under Ruby 2.1

Refers to #23510

See merge request !6977
-
- 17 Oct, 2016 13 commits
-
-
Rémy Coutable authored
-
Rémy Coutable authored
Fix Safari displaying NaN for selected due date

## What does this MR do?

1. Stops using `Date.parse` to parse selected due dates.
2. Refactors DueDateSelectors to be more maintainable and readable

## Are there points in the code the reviewer needs to double check?

**To review the actual fix, look here:** https://gitlab.com/gitlab-org/gitlab-ce/commit/4ad43ac3a12902d7ea01dc09f8a361b01c21a0ee. It would be difficult to pick out from the overall diff.

## Why was this MR needed?

In Safari, the due date selector was displaying 'NaN' when a date is selected, which was being returned by `Date.parse`. Because `Date.parse` is implemented differently across browsers it's generally recommended to favor implicit Date parsing with the `Date` constructor. For more background on this, [see MDN on Date.parse](https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/Date/parse).

Also, the code for DueDateSelector was pretty messy, and its logic was very tightly coupled, so I refactored it. None of the basic logic changed, I just broke it up into smaller pieces and made it more OO.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22984

See merge request !6797

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Stan Hu authored
Fix broken rspec in compare text

!6910 changed the filter text from "Filter by branch/tag" to "Filter by Git revision"

See merge request !6926
-
Dmitriy Zaporozhets authored
Fix 500 error when creating milestone from group page

Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/23378

See merge request !6920
-
Stan Hu authored
Fix broken Spinach tests caused by changes in !6550

!6550 added dropdowns for the branch "from" and "to" fields, but these Spinach tests were not updated accordingly.

Partial fix to #23378

See merge request !6910
-
Rémy Coutable authored
Handle case where deployment ref no longer exists

## What does this MR do?

In 8.9, we didn't create keep-around refs for deployments. So it's possible that someone created a deployment (say, for testing), and then deleted the branch and all other references to that commit. That commit could then get GCed, and trying to view MRs on 8.11+ will show a 500.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/22655#note_16575020 for more details.

## Why was this MR needed?

If someone created a deployment on 8.9, then deleted all references to the commit for that deployment, we will throw an exception when checking if the deployment includes a commit.

Closes #22655.

See merge request !6855

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Loads GFM once for per page

## What does this MR do?

Currently the GFM init code is included every time there is a GFM form on the page. This changes that & only includes it once if any number of GFM forms are on the page.

## What are the relevant issue numbers?

#22827

See merge request !6840

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Merge branch '23234-deleting-a-milestone-removes-source-branch-deletion-options-of-associated-merge-requests' into 'master'

Maintain "force_remove_source_branch" options on Merge Request unless specified

Fixes a problem where Merge Requests were losing the state associated with the flag to remove the source branch upon merge

* Closes #23234
* Closes #23191
* Closes #19351

See merge request !6817

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Fix JS bug with select2 because of missing `data-field` attribute in select box.

Fixes #23193

See merge request !6812

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Fatih Acet authored
Prevent flash alert text from being obscured when container is fluid

Fixes [a regression](https://gitlab.com/gitlab-org/gitlab-ce/commit/a2af7790) that causes the text within server-initiated flash *alerts* (not flash *notices*) to be obscured when `.container-fluid` is applied. It was reported in relation to a cherry-picking flash alert, but the problem occurs with all server-initiated flash alerts contained by a fluid container.

Note that as part of this fix, I combined some duplicate code and removed `.flash-text` & `.content-wrapper` selectors as they didn't seem to be necessary.

I manually tested JS-initiated Flash alerts to make sure this doesn't affect their appearance. I also grepped around for anything else that might depend on these styles. Everything checked out. But... can *you* see something this is going to break?

Affected users can't read flash alerts.

https://gitlab.com/gitlab-org/gitlab-ce/issues/22915

See merge request !6694

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Marin Jankovski authored
Use forked github-markup gem to enable python3 support with omnibus

Changes the version of `github-markup` gem we are using, to be the forked one with the changes to enable python3 support. The change is backward compatible with users using Python 2, and will only be running with Python 3 in Omnibus (with the help of a custom patch we apply there).

Make sure backward compatibility isn't broken for source installs. You need to make sure you pickup into stable this merge request as well (for omnibus): https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1015 as it's part of the fix, otherwise package will fail to build.

We had some regressions with .rst rendering that were fixed, but still some issues with encoding persisted (this MR will fix that). See: https://gitlab.com/gitlab-org/gitlab-ce/issues/21696

* gitlab-org/gitlab-ce#21696
* gitlab-org/gitlab-ce#22748
* gitlab-com/support-forum#1097

See merge request !6659

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Fatih Acet authored
Fixes long commit messages overflow viewport in file tree

## What does this MR do?

Fixes long commit messages breaking the table. It adds back a max-width in `pixels` instead of `%`.

## Are there points in the code the reviewer needs to double check?

No.

## Why was this MR needed?

To fix the overflow of the commit message

## Screenshots (if relevant)

![max_width](/uploads/73af2ffbab29bf6e9bbd9287e9e142a0/max_width.png)

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Fixes #22544

See merge request !6573

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Jacob Schatz authored
Prevent running GfmAutocomplete setup for each diff note

## What does this MR do?

Debounces GfmAutoComplete.setup.

## Why was this MR needed?

See https://gitlab.com/gitlab-org/gitlab-ce/issues/22704

Major lag on MR screens with many diff notes.

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [x] API support added
- Tests
  - [ ] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ce/issues/22704

See merge request !6569

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 11 Oct, 2016 13 commits
-
-
Stan Hu authored
[ci skip]
-
Stan Hu authored
[ci skip]
-
Stan Hu authored
Add CHANGELOG entry for 8.12.6

See merge request !6816
-
Stan Hu authored
Fix #23230: Update mailroom to 0.8.1 in Gemfile.lock

## What does this MR do?

Update mailroom to 0.8.1 in Gemfile.lock

## Are there points in the code the reviewer needs to double check?

## Why was this MR needed?

8.12.5 introduced a bug which put 2 different versions of mail_room in Gemfile.lock, probably due to a merge error.

## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

#23230

Closes #23230

See merge request !6814
-
Jeroen Bobbeldijk authored
-
Rémy Coutable authored
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
API: Share projects only with groups current_user can access

Aims to address the issues here: https://gitlab.com/gitlab-org/gitlab-ce/issues/23004

* Projects can be shared with non-existent groups
* Projects can be shared with groups that the current user does not have access to read

Concerns:

The new implementation of the API endpoint allows projects to be shared with a larger range of groups than can be done via the web UI.

The form for sharing a project with a group uses the following API endpoint to index the available groups: https://gitlab.com/gitlab-org/gitlab-ce/blob/494269fc92f61098ee6bd635a0426129ce2c5456/lib/api/groups.rb#L17. The groups indexed in the web form will only be those groups that the user is currently a member of.

The new implementation allows projects to be shared with any group that the authenticated user has access to view. This widens the range of groups to those that are public and internal.

See merge request !2005

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Don't send Private-Token headers to Sentry

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22537

This bumps 'raven' (the Ruby gem we use to send errors to Sentry) to version 2.0.2. We need 2.0.0 or newer to be able to sanitize HTTP headers.

See merge request !2004

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Robert Speicher authored
Add a new gitlab:users:clear_all_authentication_tokens task

## What are the relevant issue numbers?

Part of #22537.

See merge request !6745

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Update mail_room gem

## What does this MR do?

Upgrades the mail_room gem from 0.8.0 to 0.8.1.

## Why was this MR needed?

mail_room throws an exception if the watching script joins an undefined thread. Release 0.8.1 adds a check to ensure that the thread exists before calling join.

Fixes gitlab-org/omnibus-gitlab#1619.

See merge request !6714

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Yorick Peterse authored
Improve issue load time performance by avoiding ORDER BY in find_by call

See merge request !6724

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Resolve "NameError: undefined local variable or method `request' for #<Grape::Middleware::Error:0x007fc990..."

## What does this MR do?

Switches from `request` to `env` in an API helper method as the helpers are included in contexts lacking `request`.

## Are there points in the code the reviewer needs to double check?

I couldn't build a reproducer for this.

Closes #22820

See merge request !6615

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 05 Oct, 2016 7 commits
-
-
Ruben Davila authored
-
Ruben Davila authored
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Robert Speicher authored
Fix issues importing services via Import/Export

Prevents errors when initialising services that do not have any properties set yet - case that could happen when importing projects.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22891

See merge request !6667

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Fix export project file permissions issue

Fixes security concerns of https://gitlab.com/gitlab-org/gitlab-ce/issues/22757

I have just added the permissions 0700 to the creation of any of the export paths, as @jacobvosmaer suggested in https://gitlab.com/gitlab-org/gitlab-ce/issues/22757#note_16197616

After this has been fixed, it could take up to 24 hours in the worst case scenario for old archives to be completely safe - This is the time `ImportExportProjectCleanupWorker` may take to remove the folders. The temporary folders will be 0700 straight away for new installations.

See merge request !2003

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Douwe Maan authored
Prevent claiming associated model IDs via import

On the import side, we should be careful not to use any IDs as part of the JSON file that could have been manipulated.

Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/20821

Things we already do (__before__ this fix):

1. Remove all primary keys
1. **Always** reassign some of the foreign keys, such as ALL project IDs and user IDs (so it would be difficult to impersonate or try to gain access to another project)
1. Ignore/reject attributes that do not exist in the model
1. If someone reassigns a foreign key `submodel_id`, and that object has another json as the submodel, the new submodel will reassign the `submodel_id` to the newly created submodel ID.

Things we should do:

1. Remove/nullify any other foreign keys that we don't reassign (checked this, and there aren't many, fortunately. In fact, I don't think much harm can be done at all - at the moment).

See merge request !1985

Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Fix project deletion when feature visibility is set to private

Projects that are destroyed are put in the pending_delete state. The ProjectDestroyWorker checks whether the current user has access, but since the ProjectFeature class uses the default scope of the Project, it will not be able to find the right project. This was a regression in 8.12 that caused the following stack trace:

```
NoMethodError: undefined method `team' for nil:NilClass
  from app/models/project_feature.rb:62:in `get_permission'
  from app/models/project_feature.rb:34:in `feature_available?'
  from app/models/project.rb:21:in `feature_available?'
  from app/policies/project_policy.rb:170:in `disabled_features!'
  from app/policies/project_policy.rb:29:in `rules'
  from app/policies/base_policy.rb:82:in `block in abilities'
  from app/policies/base_policy.rb:113:in `collect_rules'
  from app/policies/base_policy.rb:82:in `abilities'
  from app/policies/base_policy.rb:50:in `abilities'
  from app/models/ability.rb:64:in `uncached_allowed'
  from app/models/ability.rb:58:in `allowed'
  from app/models/ability.rb:49:in `allowed?'
  from app/services/base_service.rb:11:in `can?'
  from lib/gitlab/metrics/instrumentation.rb:155:in `block in can?'
  from lib/gitlab/metrics/method_call.rb:23:in `measure'
  from lib/gitlab/metrics/instrumentation.rb:155:in `can?'
  from app/services/projects/destroy_service.rb:18:in `execute'
```

Closes #22948

See merge request !6688

Signed-off-by: Rémy Coutable <remy@rymai.me>
-