Commit graph

17 commits

Author SHA1 Message Date
Micaël Bergeron
2057a6acde port of 594e6a0a625^..f74c90f68c6 2018-02-01 12:14:46 -05:00
Robert Speicher
260c8da060 Whitelist or fix additional Gitlab/PublicSend cop violations
An upcoming update to rubocop-gitlab-security added additional
violations.
2017-08-14 12:14:11 -04:00
Jarka Kadlecova
2e311d9d1a Support uploads for newly created personal snippets 2017-06-07 07:52:41 +02:00
Jarka Kadlecova
4464c22d6d Support descriptions for snippets 2017-05-31 07:17:03 +02:00
Alexis Reigel
9a15b11237 Fixes the 500 for custom apearance header logo and logo 2017-05-19 09:20:51 +00:00
Jarka Kadlecova
43ff738641 Support uploaders for personal snippets comments 2017-05-02 15:22:24 +02:00
Pawel Chojnacki
f7cd5fd79a Ensure mutable uploads are not cached without revalidation 2017-02-22 20:34:23 +01:00
Zeger-Jan van de Weg
9a2869ab46 Branded login page also in CE
The only major difference with the EE version is the change from a light and dark logo to only a header logo
The dark logo wasn't used anyway, so it seemed to make sense to me to rename the field to the actual function of it
2016-02-26 15:50:51 +01:00
Valery Sizov
8346dde052 Only render 404 page from /public 2015-10-13 20:12:34 +03:00
Douwe Maan
783b286ac0 Don't symbolize params. 2015-05-11 11:55:02 +02:00
Jeroen van Baarsen
5a4ebfb47a Fixed the Rails/ActionFilter cop
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-04-20 15:39:37 +02:00
Douwe Maan
f5e42f602f Reject access to group/project avatar if the user doesn't have access. 2015-03-10 17:13:02 +01:00
Dmitriy Zaporozhets
16e899ca8b Add brakeman rake task and improve code security 2015-03-02 18:11:50 -08:00
Douwe Maan
0283fff591 Merge branch 'master' into extend_markdown_upload
# Conflicts:
#	app/views/projects/issues/_form.html.haml
#	app/views/projects/merge_requests/_form.html.haml
#	app/views/projects/merge_requests/_new_submit.html.haml
#	app/views/projects/milestones/_form.html.haml
#	app/views/projects/notes/_form.html.haml
#	app/views/projects/wikis/_form.html.haml
#	config/routes.rb
#	spec/controllers/projects_controller_spec.rb
2015-02-24 14:54:39 +01:00
Dmitriy Zaporozhets
897a2de54c Allow non authenticated access to avatars 2015-02-23 19:35:42 -08:00
Douwe Maan
218283b368 Merge branch 'extend_markdown_upload' into generic-uploads
# Conflicts:
#	app/controllers/files_controller.rb
#	app/controllers/projects/uploads_controller.rb
#	app/uploaders/attachment_uploader.rb
2015-02-20 15:37:37 +01:00
Douwe Maan
00ca490259 Use controllers to serve uploads, with XSS prevention and access control. 2015-02-20 13:13:48 +01:00