Commits · 4daf3dc0dba8be985ee7d7e3e331e0468d5a72ad · nexedi / gitlab-ce

21 Aug, 2019 1 commit

Avoid exposing unaccessible repo data upon GFM processing · 4daf3dc0

Oswaldo Ferreira authored Aug 20, 2019

When post-processing relative links to absolute links
RelativeLinkFilter didn't take into consideration that
internal repository data could be exposed for users
that do not have repository access to the project.

This commit solves that by checking whether the user
can `download_code` at this repository, avoiding any
processing of this filter if the user can't.

Additionally, if we're processing for a group (
no project was given), we check if the user can
read it in order to expand the href as an extra.
That doesn't seem necessarily a breach now,
but an extra check doesn't hurt as after all
the user needs to be able to `read_group`.

4daf3dc0

19 Aug, 2019 39 commits
- Merge branch '9643-hooks-to-sync-to-jira-connect-ce' into 'master' · 50ff074e
  Mayra Cabrera authored Aug 19, 2019
```
[CE] Add hooks to sync dev info to Jira using Connect App

See merge request gitlab-org/gitlab-ce!31398
```
  50ff074e
- [CE] Add hooks to sync dev info to Jira using Connect App · 6eb39e59
  Heinrich Lee Yu authored Aug 19, 2019
  
  6eb39e59
- Merge branch '11877-public-approval-api-ee-docs' into 'master' · 070689cb
  Douwe Maan authored Aug 19, 2019
```
Doc: add project approval rule endpoints

See merge request gitlab-org/gitlab-ce!31455
```
  070689cb
- Doc: add project approval rule endpoints · 104fada7
  Mark Chao authored Aug 19, 2019
  
  104fada7
- Merge branch '10197-multiple-assignees-avatars-scrolling-bug' into 'master' · 2fa900ab
  Paul Slaughter authored Aug 19, 2019
```
Backport: Fixed sidebar assignees scrolling bug

See merge request gitlab-org/gitlab-ce!31932
```
  2fa900ab
- Merge branch 'add-js-prevent-default-on-click' into 'master' · cfc88c92
  Clement Ho authored Aug 19, 2019
```
Replace inline scripts in links to prevent default

See merge request gitlab-org/gitlab-ce!31838
```
  cfc88c92
- Merge branch '64677-delete-directory-webide' into 'master' · 0d79fe7e
  Paul Slaughter authored Aug 19, 2019
```
Fixed deletion of directories in Web IDE

Closes #64677

See merge request gitlab-org/gitlab-ce!31727
```
  0d79fe7e
- Merge branch '39-count-unique-users-for-more-accurate-smau-reporting' into 'master' · 3028cd68
  Nick Thomas authored Aug 19, 2019
```
Allow UsageData.count to use count_by:

See merge request gitlab-org/gitlab-ce!30770
```
  3028cd68
- Merge branch 'qa-backport-fix-remaining-prepend-lines' into 'master' · 4d4e88df
  Rémy Coutable authored Aug 19, 2019
```
Update qa/Dockerfile to be built from the project root context

See merge request gitlab-org/gitlab-ce!31533
```
  4d4e88df
- Merge branch '63905-discussion-expand-collapse-button-is-only-clickable-on-one-side' into 'master' · b1905a39
  Annabel Dunstone Gray authored Aug 19, 2019
```
Resolve "Discussion "expand"/"collapse" button is only clickable on one side"

Closes #63905

See merge request gitlab-org/gitlab-ce!31730
```
  b1905a39
- Merge branch '65278-cleanup-sidekiq-metrics-dir-on-start' into 'master' · c90a10dc
  Kamil Trzciński authored Aug 19, 2019
```
Clean Sidekiq metrics from multiproc dir on start

See merge request gitlab-org/gitlab-ce!31855
```
  c90a10dc
- Clean Sidekiq metrics from multiproc dir on start · dcfaf495
  Aleksei Lipniagov authored Aug 19, 2019
```
After moving the multiproc dir cleanup into `config.ru`:`warmup`, we
stopped cleaning Sidekiq metrics dir which is not correct.
This MR intended to fix that. More details:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31668
```
  dcfaf495
- Merge branch... · 1d604d49
  Rémy Coutable authored Aug 19, 2019
```
Merge branch '64630-add-warning-to-pages-domains-that-obtaining-deploying-ssl-certificates-through-let-s-encrypt-can-take-some-time' into 'master'

Resolve "Add warning to pages domains that obtaining/deploying SSL certificates through Let's Encrypt can take some time"

See merge request gitlab-org/gitlab-ce!31765
```
  1d604d49
- Merge branch '66192-remove-activerecord-sane-schema-dumper' into 'master' · 337e13e1
  Stan Hu authored Aug 19, 2019
```
Remove active_record_sane_schema_dumper gem

Closes #66192

See merge request gitlab-org/gitlab-ce!31963
```
  337e13e1
- Merge branch 'docs-update-issue_workflow' into 'master' · c0908f49
  Rémy Coutable authored Aug 19, 2019
```
Update Team labels definition in the Issue Workflow documentation

See merge request gitlab-org/gitlab-ce!31811
```
  c0908f49
- Update Team labels definition in the Issue Workflow documentation · 37b1bfca
  Rémy Coutable authored Aug 19, 2019
```
Signed-off-by: Rémy Coutable <remy@rymai.me>
```
  37b1bfca
- Add warning when LE certificate can't be obtained · bab522d4
  Vladimir Shushlin authored Aug 13, 2019
```
* Refactor some tests as well
```
  bab522d4
- Remove active_record_sane_schema_dumper gem · 4ee52729
  Heinrich Lee Yu authored Aug 19, 2019
```
We don't need this since this is already the default
behavior of Rails since 5.1
```
  4ee52729
- Update the 'build-qa-image' job to be built from project root context · 9a4dcd8d
  Rémy Coutable authored Aug 06, 2019
```
Signed-off-by: Rémy Coutable <remy@rymai.me>
```
  9a4dcd8d
- Update qa/Dockerfile to be built from the project root context · b601cfcf
  Rémy Coutable authored Aug 06, 2019
```
Signed-off-by: Rémy Coutable <remy@rymai.me>
```
  b601cfcf
- Support X_if_ee methods for QA tests · 6aa215aa
  Yorick Peterse authored Aug 01, 2019
```
For the QA tests to use the new injection methods, we must require the
initializer and ensure that the "constantize" method is available.
```
  6aa215aa
- Merge branch '13076-stage-card-ui-component-ce' into 'master' · 224db2f8
  Kushal Pandya authored Aug 19, 2019
```
Stage card ui component

See merge request gitlab-org/gitlab-ce!31580
```
  224db2f8
- Move cycle analytics stages templates to vue · 5e8f16bd
  Ezekiel Kigbo authored Aug 19, 2019
```
The existing stage list items are rendered
in haml, migrating them to vuejs for future
work.

Fix alignment of median value

Test for stage_nav_item.vue
```
  5e8f16bd
- Merge branch 'cross-link-instrumentation' into 'master' · 6f4350e4
  Evan Read authored Aug 19, 2019
```
Link to GitLab Performance Monitoring

See merge request gitlab-org/gitlab-ce!31947
```
  6f4350e4
- Merge branch 'docs-patch-72' into 'master' · 420394f9
  Evan Read authored Aug 19, 2019
```
Improve new CI job permissions model docs

See merge request gitlab-org/gitlab-ce!30696
```
  420394f9
- Improve new CI job permissions model docs · 45d69889
  Ben Bodenmiller authored Aug 19, 2019
  
  45d69889
- Merge branch 'docs-testing-guide-update' into 'master' · 40c9edf6
  Evan Read authored Aug 19, 2019
```
Docs fixup: Remove reference to old lib/api/ci dir

See merge request gitlab-org/gitlab-ce!31937
```
  40c9edf6
- Merge branch 'doc-be_like_time' into 'master' · fd3d2a68
  Evan Read authored Aug 19, 2019
```
Add `be_like_time` matcher to Testing Styleguide

See merge request gitlab-org/gitlab-ce!31833
```
  fd3d2a68
- Merge branch 'docs-update-design-management-limitations' into 'master' · e40abf97
  Evan Read authored Aug 19, 2019
```
Link more issues in Design Management Limitations

See merge request gitlab-org/gitlab-ce!31697
```
  e40abf97
- Merge branch 'docs-userid-ff' into 'master' · 69df0594
  Evan Read authored Aug 19, 2019
```
Add Documentation for Feature Flag Target Users

Closes gitlab-ee#11459

See merge request gitlab-org/gitlab-ce!31918
```
  69df0594
- Add documentation for feature flag Target Users · f45eacf0
  Jason Goodman authored Aug 19, 2019
```
Add screenshot
```
  f45eacf0
- Merge branch 'docs/migrate-cycle-analytics' into 'master' · cb604491
  Achilleas Pipinellis authored Aug 19, 2019
```
Migrate cycle analytics topic to new section

See merge request gitlab-org/gitlab-ce!31827
```
  cb604491
- Migrate cycle analytics topic to new section · 7b6888d3
  Evan Read authored Aug 19, 2019
```
Also fixes links to new section and refactors some existing content
for the GitLab 12.2 changes.
```
  7b6888d3
- Merge branch 'sh-fix-pipelines-not-being-created' into 'master' · c7d12e60
  Nick Thomas authored Aug 19, 2019
```
Fix pipelines not always being created after a push

Closes #66196

See merge request gitlab-org/gitlab-ce!31927
```
  c7d12e60
- Merge branch 'docs-update-jira-service-page-screenshot' into 'master' · 0586d420
  Evan Read authored Aug 19, 2019
```
Update docs jira service page screenshot

Closes #64778

See merge request gitlab-org/gitlab-ce!31911
```
  0586d420
- Update doc/user/project/integrations/jira.md,... · 4aa1e83b
  Kemais Ehlers authored Aug 19, 2019
```
Update doc/user/project/integrations/jira.md, doc/user/project/integrations/img/jira_service_page_v12_2.png files
Deleted doc/user/project/integrations/img/jira_service_page.png
```
  4aa1e83b
- Merge branch 'docs-quick-actions-formatting-issue-2019-08' into 'master' · 7f6eb195
  Evan Read authored Aug 19, 2019
```
Escape vertical bars inside code blocks in quick_actions.md

See merge request gitlab-org/gitlab-ce!31556
```
  7f6eb195
- Escape vertical bars inside code blocks in quick_actions.md - Markdown parsing... · 24e13c86
  Jonathan Love authored Aug 19, 2019
```
Escape vertical bars inside code blocks in quick_actions.md - Markdown parsing in previews and Gitlab.com appear to parse these as table delimiters even when inside a code block.
```
  24e13c86
- Replace inline scripts in links to prevent default · 5088e316
  Heinrich Lee Yu authored Aug 15, 2019
```
Use buttons instead of links with javascript:void(0)
```
  5088e316