kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/spec/features/projects
History
Douwe Maan 742cee756b Merge branch 'jej-22869' into 'security' 
Fix information disclosure in `Projects::BlobController#update`

It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that.

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

https://gitlab.com/gitlab-org/gitlab-ce/issues/22869

See merge request !2023
2016-11-28 21:25:18 -03:00
..
badges Fix pipeline fixtures and calls to removed method 2016-10-04 14:43:24 +02:00
blobs Merge branch 'jej-22869' into 'security' 2016-11-28 21:25:18 -03:00
branches Removed delete branch tooltip and tests 2016-10-26 13:10:14 -05:00
commit Enable Style/EmptyLines cop, remove redundant ones 2016-07-01 21:56:17 +02:00
commits Fix pipelines spec 2016-11-16 16:29:12 -06:00
files Rewritten spinach git_blame tests to rspec feature tests 2016-11-07 15:17:52 +01:00
import_export Test GitLab project import for a user with only their default namespace. 2016-10-20 15:22:04 +02:00
issues Hide Create new list button on Issues and MRs pages 2016-08-17 16:39:33 -03:00
labels Add feature spec for labels subscription 2016-11-17 15:10:13 -02:00
main Fix download artifacts button link: 2016-09-19 13:12:45 +08:00
members Make access request specs explicitly enable or disable access requests as required 2016-11-11 15:45:47 +00:00
merge_requests Hide Create new list button on Issues and MRs pages 2016-08-17 16:39:33 -03:00
services Improve the mattermost help box 2016-11-21 17:58:40 +01:00
settings Move specs for project pipeline settings page 2016-10-18 12:58:11 +02:00
tags Fix download artifacts button link: 2016-09-19 13:12:45 +08:00
wiki Fix relative links in Markdown wiki when displayed in "Project" tab 2016-11-01 10:18:49 +01:00
branches_spec.rb Hides merge request button on branches page 2016-09-02 14:33:24 +01:00
builds_spec.rb Improve reproducibility of build trace test example 2016-11-22 13:35:18 +01:00
developer_views_empty_project_instructions_spec.rb Backport changes from gitlab-org/gitlab-ee!372 2016-05-04 17:05:16 -04:00
edit_spec.rb Hides merge request section in edit project when disabled 2016-09-02 12:03:49 +01:00
features_visibility_spec.rb Fix: Guest sees some repository details and gets 404 2016-11-04 13:06:48 +02:00
gfm_autocomplete_load_spec.rb Use admin user in tests 2016-09-16 10:49:55 +01:00
group_links_spec.rb Allow project group links to be expired 2016-08-18 22:45:41 +01:00
guest_navigation_menu_spec.rb Make guests unable to view MRs 2016-10-11 16:51:26 +03:00
issuable_templates_spec.rb Removed append logic 2016-10-21 21:53:10 +01:00
new_project_spec.rb Fix project Visibility level selector not using default values 2016-11-10 14:41:03 -02:00
pipelines_spec.rb Merge remote-tracking branch 'upstream/master' into fix-cancelling-pipelines 2016-11-21 22:28:22 +08:00
project_settings_spec.rb Added ability to put emojis into repository name 2016-11-12 09:21:23 +01:00
ref_switcher_spec.rb Created wait_for_turbolinks and added test for refs dropdown selection with special chars 2016-11-04 15:23:54 +00:00
shortcuts_spec.rb Move feature specs for shortcuts to valid directory 2016-06-02 11:05:54 +02:00
snippets_spec.rb Fix snippets pagination 2016-09-26 12:42:12 +02:00