Don't leak existence of project via search autocomplete.
This commit is contained in:
parent
24d139ba97
commit
1f813024ba
|
@ -1,6 +1,8 @@
|
|||
Please view this file on the master branch, on stable branches it's out of date.
|
||||
|
||||
v 7.10.0 (unreleased)
|
||||
- Don't leak existence of project via search autocomplete.
|
||||
- Fix broken file browsing with a submodule that contains a relative link (Stan Hu)
|
||||
- Fix bug where Wiki pages that included a '/' were no longer accessible (Stan Hu)
|
||||
- Fix bug where error messages from Dropzone would not be displayed on the issues page (Stan Hu)
|
||||
- Add ability to configure Reply-To address in gitlab.yml (Stan Hu)
|
||||
|
|
|
@ -35,7 +35,12 @@ class SearchController < ApplicationController
|
|||
|
||||
def autocomplete
|
||||
term = params[:term]
|
||||
@project = Project.find(params[:project_id]) if params[:project_id].present?
|
||||
|
||||
if params[:project_id].present?
|
||||
@project = Project.find_by(id: params[:project_id])
|
||||
@project = nil unless can?(current_user, :read_project, @project)
|
||||
end
|
||||
|
||||
@ref = params[:project_ref] if params[:project_ref].present?
|
||||
|
||||
render json: search_autocomplete_opts(term).to_json
|
||||
|
|
Loading…
Reference in New Issue