742cee756b
Fix information disclosure in `Projects::BlobController#update` It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that. - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) https://gitlab.com/gitlab-org/gitlab-ce/issues/22869 See merge request !2023 |
||
---|---|---|
.. | ||
abuse_report_mailer | ||
abuse_reports | ||
admin | ||
award_emoji | ||
ci/lints | ||
dashboard | ||
devise | ||
discussions | ||
doorkeeper | ||
email_rejection_mailer | ||
emojis | ||
errors | ||
events | ||
explore | ||
groups | ||
help | ||
import | ||
invites | ||
issues | ||
kaminari/gitlab | ||
koding | ||
layouts | ||
notify | ||
profiles | ||
projects | ||
repository_check_mailer | ||
search | ||
sent_notifications | ||
shared | ||
sherlock | ||
snippets | ||
u2f | ||
users |