742cee756b
Fix information disclosure in `Projects::BlobController#update` It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that. - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) https://gitlab.com/gitlab-org/gitlab-ce/issues/22869 See merge request !2023 |
||
|---|---|---|
| .. | ||
| abuse_report_mailer | ||
| abuse_reports | ||
| admin | ||
| award_emoji | ||
| ci/lints | ||
| dashboard | ||
| devise | ||
| discussions | ||
| doorkeeper | ||
| email_rejection_mailer | ||
| emojis | ||
| errors | ||
| events | ||
| explore | ||
| groups | ||
| help | ||
| import | ||
| invites | ||
| issues | ||
| kaminari/gitlab | ||
| koding | ||
| layouts | ||
| notify | ||
| profiles | ||
| projects | ||
| repository_check_mailer | ||
| search | ||
| sent_notifications | ||
| shared | ||
| sherlock | ||
| snippets | ||
| u2f | ||
| users | ||