- 30 Sep, 2016 1 commit
-
-
Douwe Maan authored
Prevent claiming associated model IDs via import On the import side, we should be careful not to use any IDs as part of the JSON file that could have been manipulated. Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/20821 Things we already do (__before__ this fix): 1. Remove all primary keys 1. **Always** reassign some of the foreign keys, such as ALL project IDs and user IDs (so it would be difficult to impersonate or try to gain access to another project) 1. Ignore/reject attributes that do not exist in the model 1. If someone reassigns a foreign key `submodel_id`, and that object has another json as the submodel, the new submodel will reassign the `submodel_id` to the newly created submodel ID. Things we should do: 1. Remove/nullify any other foreign keys that we don't reassign (checked this, and there aren't many, fortunately. In fact, I don't think much harm can be done at all - at the moment). See merge request !1985
-
- 29 Sep, 2016 28 commits
-
-
Rémy Coutable authored
-
Rémy Coutable authored
[ci skip] Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Fix broken repo errors in the UI This should prevent repo errors (or 404s) in the UI, together with https://gitlab.com/gitlab-org/gitlab_git/merge_requests/124 The `exists?` cache is now expired if the repo gets broken. Related MR: https://gitlab.com/gitlab-org/gitlab_git/merge_requests/124 Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/20501 See merge request !6491
-
Achilleas Pipinellis authored
Fix grammar and typos in Runners pages _Originally opened at !1791 by @axil._ - - - ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !6547
-
James Lopez authored
-
Fatih Acet authored
Fixes long commit messages overflow viewport in file tree ## What does this MR do? Fixes long commit messages breaking the table. It adds back a max-width in `pixels` instead of `%`. ## Are there points in the code the reviewer needs to double check? No. ## Why was this MR needed? To fix the overflow of the commit message ## Screenshots (if relevant) ![max_width](/uploads/73af2ffbab29bf6e9bbd9287e9e142a0/max_width.png) ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Fixes #22544 See merge request !6573
-
Filipa Lacerda authored
-
Robert Speicher authored
Fix double CHANGELOG header for 8.13 [ci skip] See merge request !6593
-
Luke "Jared" Bennett authored
-
Rémy Coutable authored
Expose project share expiration_date field on API closes #22382 See merge request !6484
-
Annabel Dunstone Gray authored
Remove instances of HTML5 input type="color" due to inconsistent browser support ## What does this MR do? `<input type="color" />` renders differently across browsers. Reverting to `type="text"` where necessary. ## Screenshots (if relevant) Safari (top) vs Chrome (bottom) ![Screen_Shot_2016-09-28_at_11.53.02_AM](/uploads/f967ed988320cbd2e4357cdfcfe7a813/Screen_Shot_2016-09-28_at_11.53.02_AM.png) See merge request !6576
-
Robert Speicher authored
Upgrade Devise from 4.1.1 to 4.2.0. This fixes an issue with Rails 5 and brings us up-to-date with the latest Devise release. It also deprecates `Devise::TestHelpers` in favor of `Devise::Test::ControllerHelpers`. Changelog: https://github.com/plataformatec/devise/blob/v4.2.0/CHANGELOG.md#420---2016-07-01 Working toward #14286, as always. See merge request !6461
-
Mike Greiling authored
-
Rémy Coutable authored
Use a ConnectionPool for Rails.cache on Sidekiq servers ## What does this MR do? On Sidekiq server we'll use a connection pool to connect to the redis store used for Rails cache. But now we're sure we're not modifying the configuration used on the lazy create Redis connection inside the connection pools. I've create a PR on [redis-activesupport](https://github.com/pacoguzman/redis-activesupport) too. @jacobvosmaer-gitlab make this easier updating the Gitlab::Redis class !6472 Closes #22364 See merge request !6468
-
Fatih Acet authored
Resolve "Resolved comments permanently hidden in Side-by-Side diff view" ## What does this MR do? / Why was this MR needed? Ensures resolved discussions are made visible when clicking "toggle comments" on Side-by-Side view diff pages. ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #21535 See merge request !6575
-
Mike Greiling authored
-
Mike Greiling authored
-
Robert Speicher authored
Remove duplicate VersionInfo class This was brought over during the CI merge and already exists at `lib/gitlab/version_info.rb`. See merge request !6586
-
Rémy Coutable authored
Add '.well-known' to the list of reserved namespaces See https://gitlab.com/gitlab-org/gitlab-ce/issues/22759 See merge request !6585
-
Robert Speicher authored
This was brought over during the CI merge and already exists at `lib/gitlab/version_info.rb`.
-
Rémy Coutable authored
Expose pipeline data in builds API Exposes pipeline data in builds API, as suggested by #22367. The fields exposed were 'id', 'status', 'ref', and 'sha'. Closes #22367 See merge request !6502
-
-
Rémy Coutable authored
Remove Flog This MR removes the flog gem and its associated rake task as we use the ABC Metrics Rubocop to accomplish the same thing. There's not really any reason to have it anymore. The rest of this MR is kept for posterity and is no longer relevant. ------- After a few months of flog/flay failing silently - and now a week of them failing loudly - I think it's safe to say we don't care enough about flog/flay for them to be worth keeping. If you'd like to keep them around, speak now or forever hold your peace :) See also #17858. See merge request !6554
-
Stan Hu authored
Update warn message for MySQL fix ZD: https://gitlab.zendesk.com/agent/tickets/39529 The current warn message is ambiguous. We should mention MySQL. See merge request !6582
-
Guilherme Salazar authored
add pipeline ref, sha, and status to the build API response add tests of build API (pipeline data) change API documentation for builds API log change to builds API in CHANGELOG CHANGELOG: add reference to pull request and contributor's name
-
Connor Shea authored
-
Jacob Schatz authored
Revert "Merge branch '18297-i-would-like-text-to-wrap-when-in-edit-mode-on-web-app' into 'master'" ## What does this MR do? ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? ## Screenshots (if relevant) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? See merge request !6583
-
Jacob Schatz authored
This reverts merge request !6188
-
- 28 Sep, 2016 11 commits
-
-
Chris Wilson authored
-
Robert Speicher authored
Merge branch '22352-cannot-install-gitlab-shell-on-ubuntu-server-with-no-previous-gitlab-install' into 'master' Correct gitlab-shell installation instructions in docs ## Why was this MR needed? With the introduction of repository storages validations it becomes necessary to add the flag `SKIP_STORAGE_VALIDATION` to the gitlab-shell install command, since that command will create the storage paths ## What are the relevant issue numbers? Closes #22352 [ci skip] See merge request !6579
-
Alejandro Rodríguez authored
With the introduction of repository storages validations it becomes necessary to add the flag `SKIP_STORAGE_VALIDATION` to the gitlab-shell install command, since that command will create the storage paths
-
Fatih Acet authored
Add Pipelines for Commit ## What does this MR do? This adds a Pipelines for Commit. I used existing view that we use to show pipelines. However, this is completely ugly with a lot of redundancy. ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? ## Screenshots (if relevant) ![Screen_Shot_2016-09-13_at_13.43.38](/uploads/0ac6e7d4825e32dba7ff7ab051da837c/Screen_Shot_2016-09-13_at_13.43.38.png) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Resolves https://gitlab.com/gitlab-org/gitlab-ce/issues/18937 See merge request !6322
-
Douwe Maan authored
Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called ## What does this MR do? Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called, instead return the saved token if one is present. This was causing a lot of 401s, leading to 403s, as state in #22527 As it turns out, when pushing a lot of LFS objects, the LFS client was calling `git-lfs-authenticate` in the middle of the request again. This caused the `lfs_token` to be regenerated. The problem lies in that the LFS client was not aware of this change, and was still using the old token. This caused all subsequent requests to fail with a 401 error. Since HTTP Auth is protected by Rack Attack, this 401s where immediately flagged and resulted in the IP of the user being banned. With this change, GitLab returns the value stored in Redis, if one is present, thus if the LFS client calls `git-lfs-authenticate` again during the request, the auth header will remain unchanged, allowing all subsequent requests to continue without issues. ## What are the relevant issue numbers? Fixes #22527 cc @SeanPackham @jacobvosmaer-gitlab See merge request !6551
-
Patricio Cano authored
Reset expiry time of token, if token is retrieved again before it expires.
-
Douwe Maan authored
Merge branch '22592-can-set-due-date-through-slash-commands-even-though-i-m-not-authorized-to' into 'master' Fix permission for setting an issue's due date ## What does this MR do? This merge request ensure the current user can `:admin_issue` in order to change the issue's `due_date`, in `BaseIssuableService` and in `SlashCommands::InterpretService`. Closes #22592 ## Are there points in the code the reviewer needs to double check? No. ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !6539
-
Achilleas Pipinellis authored
Fix typo `CSFR` -> `CSRF` in the OAuth2 doc See merge request !6538
-
Fatih Acet authored
Added soft wrap option to editor ## What does this MR do? Adds a `Soft wrap` button to the editor, when clicked, it wraps the text in the editor and changes to `No wrap`, then when clicked, it unwraps the text in the editor. This will also detect files with no extension, `.txt` or `.md` and proactively set the soft wrap. **Unless**, you explicitly toggle the soft wrap, then it will stop checking the file path and will stay with the users explicit preference. ## Are there points in the code the reviewer needs to double check? We should talk about the `.txt` and `.md` thing, [I'm not sure if its a good approach](https://gitlab.com/gitlab-org/gitlab-ce/issues/18297#note_14918218). ## Why was this MR needed? ## Screenshots (if relevant) https://youtu.be/8LW5nQsraSM #### No wrap ![Screen_Shot_2016-09-02_at_19.54.54](/uploads/97f2d1b2d415d03fe1b0be0640ab12e0/Screen_Shot_2016-09-02_at_19.54.54.png) #### Soft wrap ![Screen_Shot_2016-09-02_at_19.54.45](/uploads/5af425587ce7198e015cce58440971b9/Screen_Shot_2016-09-02_at_19.54.45.png) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #18297 See merge request !6188
-
Fatih Acet authored
-
Luke Bennett authored
-