summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Backport select_helper from EEbackport_changes_from_eeValery Sizov2016-04-202-15/+12
|
* Merge branch 'pmq20/gitlab-ce-issue_12785'Douwe Maan2016-04-1926-80/+390
|\
| * Add support to cherry-pick any commitP.S.V.R2016-04-1826-80/+390
| | | | | | | | | | Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/12785 Merge Request: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3514
* | Merge branch 'mr-formatting' into 'master' Robert Speicher2016-04-1924-36/+37
|\ \ | | | | | | | | | | | | | | | | | | use ! rather than # for merge request references Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/15278 See merge request !3740
| * | format merge request references properlyBen Bodenmiller2016-04-1824-36/+37
| | |
* | | Merge branch '14566-confidential-issue-branches' into 'master' Robert Speicher2016-04-194-15/+50
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sanitize branch names for confidential issues - When creating new branches for confidential issues, prefer a branch name like `issue-15` to `some-sensitive-issue-title-15`. - The behaviour for non-confidential issues stays the same. Closes #14566 See merge request !3671
| * | | A new branch created for a confidential issue is named ↵14566-confidential-issue-branchesTimothy Andrew2016-04-192-2/+2
| | | | | | | | | | | | | | | | `<id>-confidential-issue`.
| * | | Remove unused variable in `IssuesController`.Timothy Andrew2016-04-181-2/+0
| | | |
| * | | Merge remote-tracking branch 'origin/master' into ↵Timothy Andrew2016-04-15177-636/+3115
| |\ \ \ | | | | | | | | | | | | | | | 14566-confidential-issue-branches
| * | | | Make a few style changes based on MR feedback.Timothy Andrew2016-04-151-2/+2
| | | | |
| * | | | Merge remote-tracking branch 'origin/master' into ↵Timothy Andrew2016-04-1396-479/+3791
| |\ \ \ \ | | | | | | | | | | | | | | | | | | 14566-confidential-issue-branches
| * | | | | Update CHANGELOGTimothy Andrew2016-04-131-0/+1
| | | | | |
| * | | | | Fix the rubocop check.Timothy Andrew2016-04-131-2/+3
| | | | | |
| * | | | | Test the `Issue#to_branch_name` method.Timothy Andrew2016-04-121-2/+11
| | | | | |
| * | | | | Augment the tests for `Issue#related_branches`Timothy Andrew2016-04-121-3/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Test the case where we have a referenced merge request that's being - excluded as a "related branch" - This took a while to figure out, especially the `create_cross_references!` line.
| * | | | | Refactor `Issue#related_branches`Timothy Andrew2016-04-123-5/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Previously, the controller held the logic to calculate related branches, which was: `<branches ending with `issue.iid`> - <branches with a merge request referenced in the current issue>` - This logic belongs in the `related_branches` method, not in the controller. This commit makes this change. - This means that `Issue#related_branches` now needs to take a `User`. When we find the branches that have a merge request referenced in the current issue, this is limited to merge requests that the current user has access to. - This is not directly related to #14566, but is a related refactoring.
| * | | | | Sanitize branch names for confidential issues.Timothy Andrew2016-04-121-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - When creating new branches for confidential issues, prefer a branch name like `issue-15` to `some-sensitive-issue-title-15`. - The behaviour for non-confidential issues stays the same.
* | | | | | Merge branch 'toggle-points-per-packet' into 'master' Rémy Coutable2016-04-196-24/+40
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Configuring of points per UDP packet Related to https://gitlab.com/gitlab-com/operations/issues/195. This option would allow us to experiment with finding a good balance between points-per-packet and the UDP packet size. cc @pcarranza See merge request !3816
| * | | | | | Configuring of points per UDP packettoggle-points-per-packetYorick Peterse2016-04-196-24/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows users to configure the number of points stored in a single UDP packet. This in turn can be used to reduce the number of UDP packets being sent at the cost of these packets being somewhat larger. The default setting is 1 point per packet so nothing changes for existing users.
* | | | | | | Merge branch 'bump-version' into 'master' Yorick Peterse2016-04-192-1/+3
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump version to 8.8.0-pre See merge request !3809
| * | | | | | | Bump version to 8.8.0-prebump-versionDmitriy Zaporozhets2016-04-192-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* | | | | | | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ceDmitriy Zaporozhets2016-04-191-1/+1
|\ \ \ \ \ \ \ \
| * \ \ \ \ \ \ \ Merge branch 'patch-1' into 'master' Hannes Rosenögger2016-04-191-1/+1
| |\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "git lfs init" is deprecated, use "git lfs install" instead. Recent releases of git-lfs warn that "init" is a deprecated command and that "install" should be used. See merge request !3779
| | * | | | | | | | "git lfs init" is deprecated, use "git lfs install" instead.Con Vissenberg2016-04-181-1/+1
| | | |_|_|_|_|_|/ | | |/| | | | | |
* | | | | | | | | Merge branch 'rs-issue-15126' into 'master' Douwe Maan2016-04-196-5/+35
|\ \ \ \ \ \ \ \ \ | |/ / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove persistent XSS vulnerability in `commit_person_link` helper Because we were incorrectly supplying the tooltip title as `data-original-title` (which Bootstrap's Tooltip JS automatically applies based on the `title` attribute; we should never be setting it directly), the value was being passed through as-is. Instead, we should be supplying the normal `title` attribute and letting Rails escape the value, which also negates the need for us to call `sanitize` on it. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126 See merge request !1948
| * | | | | | | | Remove additional misuse of `data-original-title` attributeRobert Speicher2016-04-183-3/+3
| | | | | | | | |
| * | | | | | | | Remove persistent XSS vulnerability in `commit_person_link` helperRobert Speicher2016-04-173-2/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because we were incorrectly supplying the tooltip title as `data-original-title` (which Bootstrap's Tooltip JS automatically applies based on the `title` attribute; we should never be setting it directly), the value was being passed through as-is. Instead, we should be supplying the normal `title` attribute and letting Rails escape the value, which also negates the need for us to call `sanitize` on it. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126
* | | | | | | | | Merge branch 'profile-aside-toggle' into 'master' Jacob Schatz2016-04-191-2/+0
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removed aside toggle on profile pages Closes #13943 See merge request !3796
| * | | | | | | | | Removed aside toggle on profile pagesprofile-aside-togglePhil Hughes2016-04-181-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes #13943
* | | | | | | | | | Merge branch 'dropdown-filter-after-load' into 'master' Jacob Schatz2016-04-192-0/+4
|\ \ \ \ \ \ \ \ \ \ | |_|_|_|_|/ / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Trigger filtering after ajax is complete in dropdown ![filter](/uploads/1c361d968769eb3fe5cdd05dee497aa6/filter.gif) Closes #15186 See merge request !3813
| * | | | | | | | | Trigger filtering after ajax is complete in dropdowndropdown-filter-after-loadPhil Hughes2016-04-192-0/+4
| | |_|_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | Closes #15186
* | | | | | | | | Merge branch 'api-fix-annotated-tags' into 'master' Rémy Coutable2016-04-193-1/+4
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | API: Present an array of Gitlab::Git::Tag instead of array of rugged tags The annotated message was always `null` because the wrong array was presented. The entity requires an array of `Gitlab::Git::Tags` instead an array of raw rugged tags was presented. Since a rugged tag does not respond to `message` to get the annotated message, this was always `null`. See merge request !3764
| * | | | | | | | | Ensure that annoation is presented properlyRobert Schilling2016-04-181-0/+2
| | | | | | | | | |
| * | | | | | | | | API: Present an array of Gitlab::Git::Tag instead of array of rugged tagsRobert Schilling2016-04-172-1/+2
| | |_|_|_|_|_|_|/ | |/| | | | | | |
* | | | | | | | | Merge branch 'docs/notice-about-gitlab-runner' into 'master' Grzegorz Bizon2016-04-192-1/+25
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add notice about GitLab Runner to requirements docs This is related to #14589, and problems that may stem from running GitLab Runner on same machine user installed GitLab web app on. See merge request !3518
| * | | | | | | | | Add a note about installing Runners in ci/runners/README.mddocs/notice-about-gitlab-runnerAchilleas Pipinellis2016-04-111-1/+5
| | | | | | | | | |
| * | | | | | | | | Add link to Runner security docAchilleas Pipinellis2016-04-111-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ci skip]
| * | | | | | | | | Add notice about GitLab Runner to requirements docsGrzegorz Bizon2016-04-041-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is related to !14589, and problems that may stem from running GitLab Runner on same machine user installed GitLab web app on.
* | | | | | | | | | Merge branch 'configurable-shared-runners-text' into 'master' Kamil Trzciński2016-04-198-4/+39
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add configurable shared runners text cc @axil @rspeicher @grzesiek See merge request !3750
| * | | | | | | | | | Use different markdownconfigurable-shared-runners-textKamil Trzcinski2016-04-192-3/+4
| | | | | | | | | | |
| * | | | | | | | | | Fix CHANGELOGKamil Trzcinski2016-04-181-1/+0
| | | | | | | | | | |
| * | | | | | | | | | Update according to review commentsKamil Trzcinski2016-04-182-6/+5
| | | | | | | | | | |
| * | | | | | | | | | Add configurable shared runners textKamil Trzcinski2016-04-188-4/+40
| | | | | | | | | | |
* | | | | | | | | | | Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhqGrzegorz Bizon2016-04-193-4/+59
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'master' of dev.gitlab.org:gitlab/gitlabhq: Add Changelog entry for group link permissions fix Use guard clause to check ability to share project Refactor method that shares project with a group Check permissions when sharing project with group
| * \ \ \ \ \ \ \ \ \ \ Merge branch 'fix/link-group-permissions' into 'master' Douwe Maan2016-04-193-4/+59
| |\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Check permissions when sharing project with group ## Summary Unprivileged user was able to share project with group he didn't have access to, and therefore gain partial access to that group, which opened possibilities for further actions like listing private projects in that group. See https://gitlab.com/gitlab-org/gitlab-ce/issues/15330 ## Fix This change introduces additional check for group read access. ## Further work We can think about preventing such problems in the future (this is quite common problem) by moving permissions checks to another layer of abstraction (TBD). Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15330 See merge request !1949
| | * | | | | | | | | | | Add Changelog entry for group link permissions fixGrzegorz Bizon2016-04-191-0/+3
| | | | | | | | | | | | |
| | * | | | | | | | | | | Use guard clause to check ability to share projectGrzegorz Bizon2016-04-191-7/+4
| | | | | | | | | | | | |
| | * | | | | | | | | | | Refactor method that shares project with a groupGrzegorz Bizon2016-04-191-4/+3
| | | | | | | | | | | | |
| | * | | | | | | | | | | Check permissions when sharing project with groupGrzegorz Bizon2016-04-192-4/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes #15330
* | | | | | | | | | | | | Merge branch 'make-before-after-overridable' into 'master' Kamil Trzciński2016-04-194-18/+109
|\ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make before_script and after_script overridable This is makes it possible to overwrite the before_script and after_script at job level. This is continuation of https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3771 See merge request !3772