kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/lib
History
Timothy Andrew 34b71e734b Don't display the is_admin? flag for user API responses. 
- To prevent an attacker from enumerating the `/users` API to get a list of all
  the admins.

- Display the `is_admin?` flag wherever we display the `private_token` - at the
  moment, there are two instances:

  - When an admin uses `sudo` to view the `/user` endpoint
  - When logging in using the `/session` endpoint
2017-04-25 09:46:05 +00:00
..
api Don't display the is_admin? flag for user API responses. 2017-04-25 09:46:05 +00:00
assets
backup Fix custom hooks restore 2017-03-29 14:48:06 +02:00
banzai Merge branch 'issuable-state-custom-links' into 'master' 2017-04-20 09:52:39 +00:00
bitbucket [BB Importer] Save the error trace and the whole raw document 2017-04-11 19:27:15 +03:00
ci Just enforce the output encoding for Ansi2html 2017-04-18 17:12:06 +08:00
constraints replace find_with_namespace with find_by_full_path 2017-02-03 07:14:04 +07:00
container_registry Fix duplicated container repository names 2017-04-18 22:20:47 +02:00
generators/rails/post_deployment_migration
gitlab Merge branch 'add-email-receiver-metrics' into 'master' 2017-04-20 14:32:12 +00:00
json_web_token
mattermost Merge branch 'master' into 'zj-create-mattermost-team' 2017-03-06 14:04:14 +00:00
microsoft_teams adds relevant tests 2017-04-06 19:47:07 +01:00
omni_auth Remove explicit require calls, and use require_dependency when needed 2017-03-13 14:29:55 +01:00
rouge Document tag option and clarify spec 2017-03-14 15:29:00 -06:00
support Use config.toml to configure Gitaly 2017-04-06 17:44:18 +02:00
tasks Does not remove the GitHub remote when importing from GitHub 2017-04-18 00:22:33 +00:00
additional_email_headers_interceptor.rb Set Auto-Submitted: auto-generated header to emails 2017-02-15 23:15:48 +05:00
banzai.rb
disable_email_interceptor.rb
email_template_interceptor.rb Use #parts instead of #part to read all the parts of the Message. 2017-01-09 13:01:07 -05:00
event_filter.rb
expand_variables.rb
extracts_path.rb Enable and autocorrect the CustomErrorClass cop 2017-03-01 15:28:10 +00:00
file_size_validator.rb Enable Style/ClassCheck 2017-02-23 09:32:22 -06:00
file_streamer.rb
gitlab.rb
gt_one_coercion.rb
repository_cache.rb
static_model.rb
unfold_form.rb
uploaded_file.rb
version_check.rb