Douwe Maan
|
783b286ac0
|
Don't symbolize params.
|
2015-05-11 11:55:02 +02:00 |
|
Jeroen van Baarsen
|
5a4ebfb47a
|
Fixed the Rails/ActionFilter cop
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
|
2015-04-20 15:39:37 +02:00 |
|
Douwe Maan
|
f5e42f602f
|
Reject access to group/project avatar if the user doesn't have access.
|
2015-03-10 17:13:02 +01:00 |
|
Dmitriy Zaporozhets
|
16e899ca8b
|
Add brakeman rake task and improve code security
|
2015-03-02 18:11:50 -08:00 |
|
Douwe Maan
|
0283fff591
|
Merge branch 'master' into extend_markdown_upload
# Conflicts:
# app/views/projects/issues/_form.html.haml
# app/views/projects/merge_requests/_form.html.haml
# app/views/projects/merge_requests/_new_submit.html.haml
# app/views/projects/milestones/_form.html.haml
# app/views/projects/notes/_form.html.haml
# app/views/projects/wikis/_form.html.haml
# config/routes.rb
# spec/controllers/projects_controller_spec.rb
|
2015-02-24 14:54:39 +01:00 |
|
Dmitriy Zaporozhets
|
897a2de54c
|
Allow non authenticated access to avatars
|
2015-02-23 19:35:42 -08:00 |
|
Douwe Maan
|
218283b368
|
Merge branch 'extend_markdown_upload' into generic-uploads
# Conflicts:
# app/controllers/files_controller.rb
# app/controllers/projects/uploads_controller.rb
# app/uploaders/attachment_uploader.rb
|
2015-02-20 15:37:37 +01:00 |
|
Douwe Maan
|
00ca490259
|
Use controllers to serve uploads, with XSS prevention and access control.
|
2015-02-20 13:13:48 +01:00 |
|