742cee756b
Fix information disclosure in `Projects::BlobController#update` It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that. - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) https://gitlab.com/gitlab-org/gitlab-ce/issues/22869 See merge request !2023 |
||
|---|---|---|
| .. | ||
| badges | ||
| blobs | ||
| branches | ||
| commit | ||
| commits | ||
| files | ||
| import_export | ||
| issues | ||
| labels | ||
| main | ||
| members | ||
| merge_requests | ||
| services | ||
| settings | ||
| tags | ||
| wiki | ||
| branches_spec.rb | ||
| builds_spec.rb | ||
| developer_views_empty_project_instructions_spec.rb | ||
| edit_spec.rb | ||
| features_visibility_spec.rb | ||
| gfm_autocomplete_load_spec.rb | ||
| group_links_spec.rb | ||
| guest_navigation_menu_spec.rb | ||
| issuable_templates_spec.rb | ||
| new_project_spec.rb | ||
| pipelines_spec.rb | ||
| project_settings_spec.rb | ||
| ref_switcher_spec.rb | ||
| shortcuts_spec.rb | ||
| snippets_spec.rb | ||