742cee756b
Fix information disclosure in `Projects::BlobController#update` It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that. - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) https://gitlab.com/gitlab-org/gitlab-ce/issues/22869 See merge request !2023 |
||
---|---|---|
.. | ||
badges | ||
blobs | ||
branches | ||
commit | ||
commits | ||
files | ||
import_export | ||
issues | ||
labels | ||
main | ||
members | ||
merge_requests | ||
services | ||
settings | ||
tags | ||
wiki | ||
branches_spec.rb | ||
builds_spec.rb | ||
developer_views_empty_project_instructions_spec.rb | ||
edit_spec.rb | ||
features_visibility_spec.rb | ||
gfm_autocomplete_load_spec.rb | ||
group_links_spec.rb | ||
guest_navigation_menu_spec.rb | ||
issuable_templates_spec.rb | ||
new_project_spec.rb | ||
pipelines_spec.rb | ||
project_settings_spec.rb | ||
ref_switcher_spec.rb | ||
shortcuts_spec.rb | ||
snippets_spec.rb |