Commit graph

8 commits

Author SHA1 Message Date
Douwe Maan
783b286ac0 Don't symbolize params. 2015-05-11 11:55:02 +02:00
Jeroen van Baarsen
5a4ebfb47a Fixed the Rails/ActionFilter cop
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-04-20 15:39:37 +02:00
Douwe Maan
f5e42f602f Reject access to group/project avatar if the user doesn't have access. 2015-03-10 17:13:02 +01:00
Dmitriy Zaporozhets
16e899ca8b Add brakeman rake task and improve code security 2015-03-02 18:11:50 -08:00
Douwe Maan
0283fff591 Merge branch 'master' into extend_markdown_upload
# Conflicts:
#	app/views/projects/issues/_form.html.haml
#	app/views/projects/merge_requests/_form.html.haml
#	app/views/projects/merge_requests/_new_submit.html.haml
#	app/views/projects/milestones/_form.html.haml
#	app/views/projects/notes/_form.html.haml
#	app/views/projects/wikis/_form.html.haml
#	config/routes.rb
#	spec/controllers/projects_controller_spec.rb
2015-02-24 14:54:39 +01:00
Dmitriy Zaporozhets
897a2de54c Allow non authenticated access to avatars 2015-02-23 19:35:42 -08:00
Douwe Maan
218283b368 Merge branch 'extend_markdown_upload' into generic-uploads
# Conflicts:
#	app/controllers/files_controller.rb
#	app/controllers/projects/uploads_controller.rb
#	app/uploaders/attachment_uploader.rb
2015-02-20 15:37:37 +01:00
Douwe Maan
00ca490259 Use controllers to serve uploads, with XSS prevention and access control. 2015-02-20 13:13:48 +01:00