- 25 Apr, 2016 20 commits
-
Robert Speicher authored
Prevent XSS via custom issue tracker URL Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/15437 See merge request !1955
-
Robert Speicher authored
Prevent information disclosure via new merge request page Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15591. See merge request !1963
-
Robert Speicher authored
Prevent privilege escalation via "impersonate" feature Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15548 See merge request !1956
-
Robert Speicher authored
Prevent information disclosure via snippet API Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15580 See merge request !1958
-
Jacob Schatz authored
Fixes XSS injection REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15434 **Without the fix** ![xss1](/uploads/0a7b0b15fb87066965a7c73f1dbaa815/xss1.gif) **With the fix** ![xss2](/uploads/473cfa0aa80656f24c58aebf1fd97fff/xss2.gif) See merge request !1952
-
Robert Speicher authored
Fixes window.opener bug Adds `noreferrer` value to rel attribute for external links REF: https://gitlab.com/gitlab-org/gitlab-ce/issues/15331 See merge request !1953
-
Jacob Schatz authored
Triggers blur after clicking award button ![blur](/uploads/6cd53a5ac314e8048c656685935747e2/blur.gif) Fixes #15511 See merge request !3881
-
Jacob Schatz authored
Fixed issue with project dropdown links not being clickable See merge request !3870
-
Dmitriy Zaporozhets authored
Fixed issue with assignee object not being returned Closes #15515 See merge request !3877
-
Rémy Coutable authored
Add possibility to define a hidden job without 'script' in .gitlab-ci.yml References #15451 /cc @ayufan See merge request !3849
-
Yorick Peterse authored
Fix Error 500 due to stale cache when projects are renamed or transferred See merge request !3865
-
Rémy Coutable authored
Fix license detection to detect all license files, not only known licenses Fixes #15470. See merge request !3878
-
Robert Speicher authored
Refactor Todos feature spec to be faster and less brittle We now only create two Todos instead of 21 when testing pagination, and we've updated the test to be less brittle when dealing with slower CI environments. See merge request !3889
-
Robert Speicher authored
Use the `can?` helper instead of `current_user.can?` Fixes #15513. See merge request !3882
-
Jacob Schatz authored
Allow middle-click on a Todo row to open in a new tab See merge request !3899
-
Achilleas Pipinellis authored
Add --tags to fetching gitlab-shell to ensure tags are downloaded Closes #15525 See merge request !3896
-
Jacob Schatz authored
Correctly escapes label title in filters Fixes #15522 See merge request !3880
-
Robert Speicher authored
Move cherry-pick feature specs to proper directory Cherry pick feature specs were located in the `spec/feature/project` directory while we have `spec/feature/projects`. The latter location is consistent with our namespaces (we have the `Projects::` namespace, not `Project::`). See merge request !3875
-
Achilleas Pipinellis authored
Bump gitlab-shell to 2.7.2 Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15525 See merge request !3884
-
Jacob Schatz authored
Don't break line in middle of word <img src="/uploads/cceb1a4212ff7785ace03cd6468edf85/Screen_Shot_2016-04-21_at_3.32.00_PM.png" width="500px"> See merge request !3864
-
- 22 Apr, 2016 9 commits
-
Yorick Peterse authored
-
Yorick Peterse authored
[ci skip]
-
Rémy Coutable authored
Allow filtering by Owned projects on dashboard page Closes #3799 ![Screen_Shot_2016-04-15_at_9.40.52_PM](/uploads/440498c5647bda282304891307931a02/Screen_Shot_2016-04-15_at_9.40.52_PM.png) See merge request !3762
-
Achilleas Pipinellis authored
Add newest enhancements to GH importer docs [ci skip] See merge request !3867
-
Achilleas Pipinellis authored
Use new Note styleguide See merge request !3866
-
Robert Speicher authored
Fixes text color on labels in sidebar Previously the labels in the sidebar would just have `#FFF` text color which could cause problems with a light background color. With this, the text color comes from the JSON. See merge request !3846
-
Rémy Coutable authored
Always read diff_view setting from the cookie Prior, when the user had their view set to "parallel" and then visited a merge request's changes tab _without_ passing the `view` parameter via query string, the view would be parallel but the `Notes` class was always instantiated with the default value from `diff_view` ("inline"), resulting in broken markup when the form to add a line note was dynamically inserted. The cookie is set whenever the view is changed, so this value should always be up-to-date. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14557 and https://gitlab.com/gitlab-org/gitlab-ce/issues/15285 See merge request !3732
-
Robert Speicher authored
Improved email confirmation UX Closes #4228 See merge request !3184
-
Grzegorz Bizon authored
Fix vulnerability that leaks private labels and milestones

## Summary

This fixes a vulnerability that leaks information about private labels and milestones because of an insecure direct object reference in the issuable create service. This affects merge requests and issues. See https://gitlab.com/gitlab-org/gitlab-ce/issues/15439

## Fix

This MR introduces an additional check that rejects labels and milestones that do not belong to the same project as the issue/merge request.

## Further work

`IssuableBaseService` may benefit from encapsulating filters in a separate class/module, which may then improve coherency in this class.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15439 See merge request !1954
-
- 21 Apr, 2016 11 commits
-
Jacob Schatz authored
Remove float from blame link icon Closes #15413 <img src="/uploads/af6aea9102e1b42e5e92783ce818863c/Screen_Shot_2016-04-21_at_1.57.56_PM.png" width="200px"> See merge request !3861
-
Rémy Coutable authored
Instrument Gitlab::GitAccess/GitAccessWiki See merge request !3859
-
Robert Speicher authored
Fix undefined local variable error in Invalid MR template Closes #15408 See merge request !3857
-
Jacob Schatz authored
File name change appears on one line Closes #15445 <img src="/uploads/51714555be63af16b810cf528de49192/Screen_Shot_2016-04-21_at_9.22.43_AM.png" width="500px"> See merge request !3854
-
Jacob Schatz authored
Fixed issue with author link color on dark diffs Correctly added a color to the author link ![Screen_Shot_2016-04-21_at_08.55.05](/uploads/ffa9e12e868c7b71fa4dd9244114274a/Screen_Shot_2016-04-21_at_08.55.05.png) Fixes #15444 See merge request !3847
-
Achilleas Pipinellis authored
Refactor the update documentation See merge request !3822
-
Jacob Schatz authored
Fixes "create label" functionality on label dropdown **Issue sidebar** ![label_dropdown](/uploads/2a056136fc88626530fc275ded0c2aa3/label_dropdown.gif) **Issues page** ![label_dropdown_issues](/uploads/965fd20f5b206499e9b11a64556c5240/label_dropdown_issues.gif) See merge request !3670
-
Yorick Peterse authored
Remove the `.distinct` when finding issues See merge request !3858
-
Yorick Peterse authored
Disable 'repository check' feature in 8.7.0 See merge request !3856
-
Yorick Peterse authored
Removed JS update templates See merge request !3814
-
Douwe Maan authored
Filter labels by including ALL filter titles Fixed query to use `AND` and not `OR`. Refactored relevant specs See merge request !3815
-