- 24 May, 2019 40 commits
-
Kerri Miller authored
First reported: https://gitlab.com/gitlab-org/gitlab-ce/issues/60143 When the page slug is "javascript:" and we attempt to link to a relative path (using `.` or `..`) the code will concatenate the slug and the uri. This MR adds a guard to that concat step that will return `nil` if the incoming slug matches against any of the "unsafe" slug regexes; currently this is only for the slug "javascript:" but can be extended if needed. Manually tested against a non-exhaustive list from OWASP of common javascript XSS exploits that have to do with mangling the "javascript:" method, and all are caught by this change or by existing code that ingests the user-specified slug.
-
Achilleas Pipinellis authored
Docs: Make wording familiar to Salesforce admins See merge request gitlab-org/gitlab-ce!28584
-
Doug Ayers authored
Use "Salesforce" (lowercase 'f') Use Salesforce help doc language to navigate setup menu Clarify to use callback url matching the GitLab installation url
-
Achilleas Pipinellis authored
Update proofreader.md See merge request gitlab-org/gitlab-ce!28649
-
Achilleas Pipinellis authored
Docs: Put back deleted HA images Closes #62261 See merge request gitlab-org/gitlab-ce!28692
-
Marcel Amirault authored
-
Clement Ho authored
I18N JS files starting with u See merge request gitlab-org/gitlab-ce!28177
-
Mike Greiling authored
Fix MR widget padding Closes #58632 See merge request gitlab-org/gitlab-ce!28472
-
Achilleas Pipinellis authored
Add source and gdk installations to components See merge request gitlab-org/gitlab-ce!28691
-
Joshua Lambert authored
-
Kamil Trzciński authored
Fix MySQL CI jobs Closes #62156 and #62151 See merge request gitlab-org/gitlab-ce!28593
-
Mayra Cabrera authored
Adds Identity#for_user for use in an EE MR See merge request gitlab-org/gitlab-ce!28697
-
Filipa Lacerda authored
Replaces a hard-coded date in the job app spec Closes #62283 See merge request gitlab-org/gitlab-ce!28709
-
Stan Hu authored
Add `memory_profiler` and `derailed_benchmarks` See merge request gitlab-org/gitlab-ce!28698
-
Mayra Cabrera authored
Clarify that /copy_metadata only works within same project See merge request gitlab-org/gitlab-ce!28671
-
Winnie Hellmann authored
-
Filipa Lacerda authored
Pull files for repository tree from GraphQL API See merge request gitlab-org/gitlab-ce!28638
-
samdbeckham authored
-
Filipa Lacerda authored
Fix height of input groups Closes #61304, #61303, #59254, and #60778 See merge request gitlab-org/gitlab-ce!28495
-
Phil Hughes authored
-
Douwe Maan authored
Group SAML docs explain metadata configuration See merge request gitlab-org/gitlab-ce!28700
-
Jan Provaznik authored
Fix milestone references with HTML entities in the name Closes #62114 See merge request gitlab-org/gitlab-ce!28667
-
Phil Hughes authored
Add support for second `config` param in GraphQL wrapper lib See merge request gitlab-org/gitlab-ce!28705
-
Kushal Pandya authored
-
Filipa Lacerda authored
Prevent icons from shrinking in User popover when contents exceed container Closes #61827 See merge request gitlab-org/gitlab-ce!28696
-
Kushal Pandya authored
-
James Edwards-Jones authored
-
Phil Hughes authored
Conformance MR for Update Visual Review Toolbar to post to MRs See merge request gitlab-org/gitlab-ce!28687
-
Phil Hughes authored
Fix border radii on diff files and repo files Closes #38483 and #38561 See merge request gitlab-org/gitlab-ce!28675
-
Sean McGivern authored
When a milestone name contained an HTML entity that would be escaped (&, <, >), then it wasn't possible to refer to this milestone by name, or use it in a quick action. This already worked for labels, but not for milestones. We take care to re-escape un-matched milestones, too.
-
Kushal Pandya authored
Style avatar component Closes gitlab-ui#252 See merge request gitlab-org/gitlab-ce!28399
-
Jacques Erasmus authored
Moved all avatar related styles to the components directory
-
Filipa Lacerda authored
Resolve "Move sign-in/2FA on users/sign_in above intro content on mobile" Closes #59987 See merge request gitlab-org/gitlab-ce!28360
-
Kamil Trzciński authored
-
Kamil Trzciński authored
Update SAST.gitlab-ci.yml - Add SAST_GITLEAKS_ENTROPY_LEVEL Closes #62179 See merge request gitlab-org/gitlab-ce!28607
-
Lucas Charles authored
This env was missing, causing the variable to not be propagated to child containers and thus, be ineffective
-
Kushal Pandya authored
i18n of batch_comments directory See merge request gitlab-org/gitlab-ce!28178
-
James Edwards-Jones authored
-
Stan Hu authored
Drop support for AUTO_DEVOPS_DOMAIN See merge request gitlab-org/gitlab-ce!28460
-
Thong Kuah authored
Even though there's no relation to the feature (it's actually about overriding template values), best to replace this with $KUBE_INGRESS_BASE_DOMAIN to avoid any potential confusion
-