diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-04-25 10:39:12 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-04-25 10:39:12 +0000 |
| commit | 69285c21c375240a290722a42befee788fa72f57 (patch) | |
| tree | cf0aac294592afb6ec4449cf7174514fe12ff377 /app | |
| parent | fee6e478d6ffa548d9c39e2aafb452507a41124b (diff) | |
| parent | ff06452e05b1191ce8649ae6a9e646341ab073ba (diff) | |
| download | gitlab-ce-69285c21c375240a290722a42befee788fa72f57.tar.gz | |
Merge branch 'security-issue_2830' into 'master'
Prevent leaking information when issue is moved
Closes #2830
See merge request gitlab/gitlabhq!3050
Diffstat (limited to 'app')
| -rw-r--r-- | app/views/projects/issues/show.html.haml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/projects/issues/show.html.haml b/app/views/projects/issues/show.html.haml index 0bf664d5b66..715c36fa9aa 100644 --- a/app/views/projects/issues/show.html.haml +++ b/app/views/projects/issues/show.html.haml @@ -15,7 +15,7 @@ .issuable-status-box.status-box.status-box-issue-closed{ class: issue_button_visibility(@issue, false) } = sprite_icon('mobile-issue-close', size: 16, css_class: 'd-block d-sm-none') .d-none.d-sm-block - - if @issue.moved? + - if @issue.moved? && can?(current_user, :read_issue, @issue.moved_to) - moved_link_start = "<a href=\"#{issue_path(@issue.moved_to)}\" class=\"text-white text-underline\">".html_safe - moved_link_end = '</a>'.html_safe = s_('IssuableStatus|Closed (%{moved_link_start}moved%{moved_link_end})').html_safe % {moved_link_start: moved_link_start, |