- 10 Dec, 2015 1 commit
-
-
Robert Speicher authored
Enable Devise paranoid mode and ensure the returned message is the same every time. This will prevent user enumeration (low impact). Prior to this change a user could type an email in the password reset field and if the email didn't exist it returned an error. If the email was valid it returned a message saying the forgot password link had been emailed. After this change the user will receive a message that if the email is in our database the reset link will be emailed. I also changed the throttle mechanism so it still works the same but now returns the exact same message as above. Previously it would say 'You've already sent a request. Wait a few minutes'. This also allows user enumeration, although it requires a double-check. Related to https://dev.gitlab.org/gitlab/gitlabhq/issues/2624 See merge request !2044
-
- 09 Dec, 2015 1 commit
-
-
Robert Speicher authored
Use YAML.safe_load See merge request !1941
-
- 08 Dec, 2015 1 commit
-
-
Douwe Maan authored
Fix 500 error when creating a merge request that removes a submodule Fixes #3476 See merge request !1989
-
- 07 Dec, 2015 4 commits
-
-
Robert Speicher authored
[ci skip]
-
Grzegorz Bizon authored
Fix problems with award-emoji-only comment This fixes a conflict between note with only a single emoji in content and award-emojis mechanisms. Closes #3734 cc @vsizov See merge request !1936
-
Valery Sizov authored
Add added, modified and removed properties to commit object in webhook https://gitlab.com/gitlab-org/gitlab-ee/issues/20 See merge request !1988
-
Douwe Maan authored
Fix Error 500 when creating global milestones with Unicode characters Two issues: 1. The constraints in the resources were incorrect. Here's what it was before: ``` group_milestone GET /groups/:group_id/milestones/:id(.:format) groups/milestones#show {:id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/} ``` In this case, id is actually the title of the milestone, which can be anything at the moment. After: ``` group_milestone GET /groups/:group_id/milestones/:id(.:format) groups/milestones#show {:id=>/[^\/]+/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/} ``` 2. `parameterize` would strip all Unicode characters, leaving a blank string. Rails would report something like: ``` ActionView::Template::Error (No route matches {:action=>"show", :controller=>"groups/milestones", :group_id=>#<Group id: 48, name: "ops-dev", path: "ops-dev", owner_id: nil, created_at: "2015-11-15 08:55:30", updated_at: "2015-12-02 06:23:26", type: "Group", description: "", avatar: "sha1.c71e73d51af1865c1bbbf6208e10044d46c9bb93.png", public: false>, :id=>"", :title=>"肯定不是中文的问题"} missing required keys: [:id]): ``` This change uses the babosa library to create a better slug, which surprisingly isn't actually used by the global milestone controllers. Instead, they use the title passed as a query string for some reason. Closes https://github.com/gitlabhq/gitlabhq/issues/9881 See merge request !1983
-
- 05 Dec, 2015 1 commit
-
-
Job van der Voort authored
fixed the documentation of the Guest role in permission.md This MR fixes the documentation of the Guest role. closes gitlab-org/gitlab-ce#3777 [ci skip] See merge request !1952
-
- 04 Dec, 2015 1 commit
-
-
Dmitriy Zaporozhets authored
Fix application settings cache not expiring after changes cache_key is an instance method that relies on updated_at. When changes were made, the time-dependent key was being used instead of X.application_setting.last. Closes #3609 See merge request !1972
-
- 02 Dec, 2015 2 commits
-
-
Robert Speicher authored
-
Dmitriy Zaporozhets authored
Show Gmail actions links only on expected set of emails See merge request !1901
-
- 01 Dec, 2015 1 commit
-
-
Robert Speicher authored
Install gitlab-shell 2.6.8 in installations from source [ci skip] See merge request !1932
-
- 30 Nov, 2015 5 commits
-
-
Valery Sizov authored
Fire update hook from GitLab https://gitlab.com/gitlab-org/gitlab-ce/issues/3069 See merge request !1882
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
See merge request !1916
-
Dmitriy Zaporozhets authored
Fix Error 500 when viewing user's personal projects from admin page This is a regression introduced in 4d7f00fd. Closes #3680 Closes https://github.com/gitlabhq/gitlabhq/issues/9861 Closes gitlab-org/gitlab-ee#90 See merge request !1909
-
-
- 27 Nov, 2015 3 commits
-
-
Robert Speicher authored
-
Douwe Maan authored
-
Robert Speicher authored
Nginx workhorse upload limit See merge request !1919
-
- 25 Nov, 2015 4 commits
-
-
Jacob Vosmaer authored
-
Dmitriy Zaporozhets authored
Bump gitlab-shell to 2.6.8 in stable Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> For gitlab/gitlabhq#2635 See merge request !1940
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
Robert Speicher authored
Maybe rescue session_expire_delay by setting a default value. Related to gitlab-org/omnibus-gitlab#956 See merge request !1880
-
- 24 Nov, 2015 1 commit
-
-
Dmitriy Zaporozhets authored
Update required version of lfs client and separate the docs for users and admins. See merge request !1855
-
- 23 Nov, 2015 4 commits
-
-
Robert Speicher authored
Expose artifacts path This fixes broken artifacts storage path. Fixes #3607 Fixes #3608 Related: gitlab-org/omnibus-gitlab!544 See merge request !1869
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
Fix 500 when using CI - Fix for Ci::Build state machine, allowing to process builds without the project - Forcefully update builds that didn't want to update with state machine - Fix saving GitLabCiService as Admin Template Fixes #3556 See merge request !1873
-
Robert Speicher authored
Fix CSS styling for clipboard icon in new MR page Closes #3602 See merge request !1870
-
- 22 Nov, 2015 5 commits
-
-
Robert Speicher authored
-
Robert Speicher authored
Emoji bug: Invalid url to image Closes #3591 See merge request !1868
-
Dmitriy Zaporozhets authored
Handle removed source projects in MR CI commits Fixes #3599 @dzaporozhets assigning this to you since you wrote the original code. Perhaps checking for the source project isn't the right way, but I'm not sure if there's a better way (e.g. somewhere earlier in the process) that we can detect this. See merge request !1859
-
Robert Speicher authored
Add upvote/downvote fields to merge request and note API to preserve compatibility As discussed in !1825 we should not break the API compatibility. * This MR adds the fields `upvotes`/`downvotes` to the merge request API again, which always return `0`. * Add the fields `upvote`/`downvote` to the notes API, which always return `false` This behavior is documented in the API docs. See merge request !1867
-
Stan Hu authored
Make tag API for release feature consistent Make tags API consistent with other tags methods. This changes the endpoint from `PUT /projects/:id/repository/:tag/release` to `PUT /projects/:id/repository/tags/:tag_name/release`. On thing the API is still missing, is an error if the tag does not exist. Right now it returns 200 even the tag does not exist. I'll fix that such it returns 404. @stanhu Can you review? @rspeicher This MR should go into 8.2 See merge request !1864
-
- 21 Nov, 2015 6 commits
-
-
Robert Speicher authored
Award Emoji: fix for merge requests Closes #3597 See merge request !1865
-
Robert Speicher authored
[ci skip]
-
Robert Speicher authored
Remove accidentally added line. Reference: #3598 See merge request !1858
-
Stan Hu authored
Fix Drone web hook URL not being updated Fixes regression of !1774: fixes Drone Web hook for both service templates and project services. See merge request !1856
-
Robert Speicher authored
Use award emoticons in GitLab workflow Remove the old voting slides and use the emoji bar. [ci skip] See merge request !1863
-
Robert Speicher authored
Add tags page to readme The tags page was separated for the release feature but not to the index readme. [ci skip] See merge request !1861
-