Commits · f161f1adb18d4d593a9597d50ac72a814cde0517 · Léo-Paul Géneau / gitlab-ce

04 Sep, 2017 1 commit
- Merge branch 'fix-escape-commit-block' into 'security-9-5' · f161f1ad
  Douwe Maan authored Sep 04, 2017
```
[9.5] Prevent a persistent XSS in the commit author block

See merge request gitlab/gitlabhq!2180
```
  f161f1ad
01 Sep, 2017 1 commit

Unmark the commit author/committer link as HTML-safe · bbe836b2

Robert Speicher authored Sep 01, 2017

We now make use of the `content_tag` helper so that the untrusted input
is escaped and the trusted output is then automatically safe. When we
don't need to wrap the name in a `span` tag (when `avatar` is falsey),
it's treated as unsafe by default, so no further sanitization/escaping
is necessary.

bbe836b2

31 Aug, 2017 3 commits
- Merge branch 'rs-issue-36098' into 'security-9-5' · 8649d1fc
  Robert Speicher authored Aug 31, 2017
```
[9.5] Limit `style` attribute on `th` and `td` elements to specific properties

See merge request gitlab/gitlabhq!2155
```
  8649d1fc
- Update commits_helper.rb to use sanitize instead of simple_sanitize · 65649b9f
  Tim Zallmann authored Aug 31, 2017
  
  65649b9f
- Merge branch '36743-existing-repo-9-5' into 'security-9-5' · fc2f48ac
  Douwe Maan authored Aug 31, 2017
```
[9.5] Prevent project creation (blank, import or fork) when repository already exists on disk

See merge request gitlab/gitlabhq!2170
```
  fc2f48ac
30 Aug, 2017 2 commits
- Merge branch 'rs-issue-36104' into 'security-9-5' · 40ed2163
  Douwe Maan authored Aug 30, 2017
```
[9.5] Disallow the `name` attribute on all user-provided markup

See merge request gitlab/gitlabhq!2166
```
  40ed2163
- Fixes Username Value Exposing · 285fadcb
  Tim Zallmann authored Aug 30, 2017
  
  285fadcb
29 Aug, 2017 3 commits
- resolve conflicts from 4c7449e4 · e7757486
  Simon Knox authored Aug 29, 2017
  
  e7757486
- fix transient test failures caused by wrong dropdown trigger · 2bff6c10
  Simon Knox authored Aug 28, 2017
  
  2bff6c10
- Merge branch 'race-condition-in-project-uploads-fix-9-4' into 'security-9-4' · 4c7449e4
  Sean McGivern authored Jul 24, 2017
```
Fixes race condition in project uploads

See merge request !2141
```
  4c7449e4
28 Aug, 2017 9 commits
- Merge branch 'dm-go-get-xss' into 'security-9-3' · f4a4aa0d
  Robert Speicher authored Jun 29, 2017
```
Fix XSS issue in go-get handling

See merge request !2128
```
  f4a4aa0d
- Merge branch '9-5-stable' into security-9-5 · ade602fd
  Simon Knox authored Aug 29, 2017
  
  ade602fd
- Fix seed_fu for MySQL · 5f9ede88
  Gabriel Mazetto authored Aug 28, 2017
  
  5f9ede88
- Fix import_file_spec · 3797d160
  Gabriel Mazetto authored Aug 28, 2017
  
  3797d160
- Fix seed_fu · be734cef
  Gabriel Mazetto authored Aug 28, 2017
  
  be734cef
- Prevent new / renamed project from using a repository path that already exists on disk · 29edaa1a
  Gabriel Mazetto authored Aug 23, 2017
```
There are some redundancies in the validation steps, and that is to
preserve current error messages behavior

Also few specs have to be changed in order to fix madness in validation
logic.
```
  29edaa1a
- Merge branch 'fix-user-select-dropdown-escaping' into 'security-9-5' · a587bf29
  Clement Ho authored Aug 28, 2017
```
Fixes the User Selection Display (9.5)

See merge request gitlab/gitlabhq!2177
```
  a587bf29
- Update VERSION to 9.5.2 · ab974152
  Jose Ivan Vargas authored Aug 28, 2017
  
  ab974152
- Update CHANGELOG.md for 9.5.2 · 9b039684
  Jose Ivan Vargas authored Aug 28, 2017
```
[ci skip]
```
  9b039684
27 Aug, 2017 1 commit
- Merge branch 'sh-system-hooks-ldap-users' into 'master' · 7e7d2524
  Grzegorz Bizon authored Aug 27, 2017
```
Fire system hooks when a user is created via LDAP or OAuth

Closes #37073

See merge request !13846
```
  7e7d2524
26 Aug, 2017 1 commit
- Merge branch '9-5-stable' into security-9-5 · fd60f374
  Gabriel Mazetto authored Aug 27, 2017
  
  fd60f374
25 Aug, 2017 8 commits
- Merge branch 'fix-old-mr-diffs' into 'master' · 9031bb47
  Douwe Maan authored Aug 24, 2017
```
Fix old MR diffs

Closes #36516

See merge request !13744
```
  9031bb47
- Merge branch 'fix-push-events-branch-removals' into 'master' · f7d04e34
  Sean McGivern authored Aug 23, 2017
```
Fix displaying events of removed events and events without commit messages

Closes #36685 and #36722

See merge request !13721
```
  f7d04e34
- Merge branch 'remove-tooltip-filtered-search-user' into 'master' · 5cd8b331
  Tim Zallmann authored Aug 23, 2017
```
Remove tooltip from filtered search user

Closes #36696

See merge request !13752
```
  5cd8b331
- Merge branch 'zj-fix-fe-blank-button' into 'master' · 24e2c39f
  Clement Ho authored Aug 23, 2017
```
Fix blank button not resetting project template value

Closes #36816

See merge request !13757
```
  24e2c39f
- Merge branch 'fix/gitlay-raw-blame-request-encoding' into 'master' · fcbca7d9
  Robert Speicher authored Aug 23, 2017
```
Properly encode Gitaly RawBlame request params

See merge request !13764
```
  fcbca7d9
- Merge branch 'dm-ldap-adapter-attributes' into 'master' · ccdc2604
  Robert Speicher authored Aug 23, 2017
```
Support simple string LDAP attribute specifications, and search for name rather…

Closes #36841

See merge request !13776
```
  ccdc2604
- Merge branch '36709-gpg-status' into 'master' · 844dd34a
  Clement Ho authored Aug 23, 2017
```
Fix alignment of gpg status

Closes #36709

See merge request !13772
```
  844dd34a
- Merge branch '36589-hide-group-name-on-collapse' into 'master' · 4c477418
  Clement Ho authored Aug 24, 2017
```
Hide group title on sidebar collapse; use more generic class for titles

Closes #36589

See merge request !13777
```
  4c477418
24 Aug, 2017 6 commits
- Merge branch 'rs-stub-storage-availability-check' into 'master' · bc70d156
  Douwe Maan authored Aug 23, 2017
```
Stub `ForkedStorageCheck.storage_available?` by default in all specs

See merge request !13726
```
  bc70d156
- Merge branch 'fix-broken-testing-of-some-integrations' into 'master' · 23eae7ed
  Douwe Maan authored Aug 23, 2017
```
Fix inability to test some project integrations

Closes gitlab-ee#3194

See merge request !13729
```
  23eae7ed
- Merge branch '36496-badges-should-not-be-huge' into 'master' · e9c4fe9f
  Clement Ho authored Aug 22, 2017
```
Resolve "Badges should not be HUGE"

Closes #36496

See merge request !13635
```
  e9c4fe9f
- Fixes the User Selection Display · ae321c89
  Tim Zallmann authored Aug 24, 2017
  
  ae321c89
- Merge branch 'update-pages-9-5' into 'security-9-5' · b01f5e85
  Douwe Maan authored Aug 24, 2017
```
Update GitLab Pages (9.5)

See merge request !2159
```
  b01f5e85
- Merge branch '9-5-stable' into security-9-5 · 667917ab
  Gabriel Mazetto authored Aug 24, 2017
  
  667917ab
23 Aug, 2017 3 commits
- Update VERSION to 9.5.1 · c47ae372
  Simon Knox authored Aug 23, 2017
  
  c47ae372
- Update CHANGELOG.md for 9.5.1 · 760b45f0
  Simon Knox authored Aug 23, 2017
```
[ci skip]
```
  760b45f0
- Merge branch '9-5-stable' into security-9-5 · f024f7ef
  Gabriel Mazetto authored Aug 23, 2017
  
  f024f7ef
22 Aug, 2017 2 commits
- Include missing Gitlab::GitalyClient.encode method in 9-5-stable · 72f26255
  Alejandro Rodríguez authored Aug 22, 2017
  
  72f26255
- Merge branch 'fix/gb/fix-head-pipeline-when-pipeline-has-errors' into 'master' · 613a02b4
  Kamil Trzciński authored Aug 21, 2017
```
Fix merge request head pipeline when pipeline has errors

Closes #36657

See merge request !13664
# Conflicts:
#	spec/services/ci/create_pipeline_service_spec.rb
```
  613a02b4