gitlab-org--gitlab-foss/app/views/projects
Douwe Maan 742cee756b Merge branch 'jej-22869' into 'security'
Fix information disclosure in `Projects::BlobController#update`

It was possible to discover private project names by modifying `from_merge_request` parameter in `Projects::BlobController#update`. This fixes that.

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

https://gitlab.com/gitlab-org/gitlab-ce/issues/22869

See merge request !2023
2016-11-28 21:25:18 -03:00
artifacts Removed soon-to-be un-needed project title additions from builds and environments 2016-11-09 12:23:21 +00:00
badges
blame Replace jQuery.timeago with timeago.js 2016-11-07 14:49:00 -06:00
blob Merge branch 'jej-22869' into 'security' 2016-11-28 21:25:18 -03:00
boards Fixed dragging issue moving wrong issue after multiple drags of issue 2016-11-24 10:38:24 +00:00
branches Add button to delete all merged branches 2016-11-09 21:04:03 +01:00
builds Merge branch '24779-last-deployment-call-on-nil-environment-fix' into 'master' 2016-11-24 14:31:20 +00:00
buttons Merge branch 'always-show-download-button' into 'master' 2016-11-14 15:06:34 +00:00
ci additional fixes 2016-11-22 00:58:16 +01:00
commit sort pipeline graph builds and build groups by name 2016-11-22 14:47:02 -06:00
commits Make pipeline page header responsive; add build counter; add short sha 2016-11-14 14:03:44 -06:00
compare Fixed compare ellipsis messing with layout 2016-10-21 13:43:52 +01:00
container_registry
cycle_analytics Add custom copy for each empty stage 2016-11-21 17:26:19 -05:00
deploy_keys
deployments Merge branch '22191-delete-dynamic-envs-mr' into 'master' 2016-10-19 07:53:05 +00:00
diffs Merge branch 'jej-22869' into 'security' 2016-11-28 21:25:18 -03:00
environments Fix css class 2016-11-18 15:44:21 +00:00
find_file
forks Replace bootstrap caret with fontawesome caret 2016-10-05 17:39:52 -05:00
generic_commit_statuses Converted all status icons to be managed by scss colors only and deleted any classes or styles within the svg's, plus gave status badges a hover style only if clickable 2016-11-22 00:15:16 +01:00
graphs Add flash containers and broadcast messages below subnav 2016-10-01 00:21:37 +03:00
group_links Merge branch 'members-ui' into 'master' 2016-10-14 12:25:23 +00:00
hooks
imports Use 'Forking in progress' title when appropriate 2016-11-09 23:58:25 -05:00
issues Merge branch '20840-getting-started-better-empty-state-for-issues-view' into 'master' 2016-11-22 02:24:23 +00:00
labels Use label subject to calculate number of issues/mrs within the group 2016-10-31 23:27:49 -02:00
merge_requests Prevent error when submitting a merge request and pipeline is not defined 2016-11-28 12:03:59 +01:00
milestones Add a starting date to milestones 2016-11-23 13:41:04 +02:00
network Fix bug of json request url 2016-11-07 20:44:15 +09:00
notes resolves lowercase issue in system note for labels, label description and title 2016-11-22 14:44:59 +06:00
pipelines Converted all status icons to be managed by scss colors only and deleted any classes or styles within the svg's, plus gave status badges a hover style only if clickable 2016-11-22 00:15:16 +01:00
pipelines_settings Use better wording for test coverage parsing help text 2016-10-27 19:41:09 +02:00
project_members Changed how collections are rendered 2016-10-06 15:41:00 +01:00
protected_branches Create protected branches bundle 2016-10-20 12:03:30 -05:00
refs fix broken ajax for large repository trees (regression caused in !7208) 2016-11-18 13:52:07 -06:00
releases
repositories Enable CacheMarkdownField for the remaining models 2016-10-07 02:54:26 +01:00
runners Merge branch 'runners-paginate' into 'master' 2016-10-21 14:58:26 +00:00
services Frontend review changes 2016-11-21 22:11:21 +00:00
snippets Replace bootstrap caret with fontawesome caret 2016-10-05 17:39:52 -05:00
tags Fix bad selection on dropdown menu for tags filter 2016-11-25 00:29:26 -07:00
tree Cleaned up global namespace JS 2016-11-03 23:00:21 -05:00
triggers Add ref parameter for triggering builds with gitlab webhook from other project. 2016-11-15 17:19:33 +03:00
variables Sort secret variables by key (fix #20870) 2016-09-09 15:06:50 -03:00
wikis Add nested groups support to the routing 2016-11-23 14:08:36 +02:00
_activity.html.haml convert activities.js to es6 class syntax 2016-11-20 01:32:20 -06:00
_bitbucket_import_modal.html.haml
_commit_button.html.haml
_customize_workflow.html.haml Add visibility level to project repository 2016-10-17 18:12:18 -02:00
_errors.html.haml
_files.html.haml
_find_file_link.html.haml
_gitlab_import_modal.html.haml
_home_panel.html.haml Update avatar container name so it doesnt conflict with other image containers 2016-11-03 12:26:09 -05:00
_last_commit.html.haml Replace jQuery.timeago with timeago.js 2016-11-07 14:49:00 -06:00
_last_push.html.haml Add white background to create MR banner 2016-10-01 00:21:37 +03:00
_md_preview.html.haml
_merge_request_settings.html.haml Add setting to only allow merge requests to be merged when all discussions are resolved 2016-11-04 14:58:40 +01:00
_readme.html.haml
_wiki.html.haml Add visibility level to project repository 2016-10-17 18:12:18 -02:00
_zen.html.haml Loads GFM once for per page 2016-10-14 10:52:48 +01:00
activity.html.haml
edit.html.haml Fix `LFS enabled` select box. 2016-11-23 13:04:20 -06:00
empty.html.haml updated missed indentation 2016-09-30 13:50:23 +00:00
new.html.haml Fix project Visibility level selector not using default values 2016-11-10 14:41:03 -02:00
no_repo.html.haml
remove_fork.js.haml
show.atom.builder
show.html.haml 19205 Redesign group page header to match new navigation 2016-11-09 17:24:17 -08:00
transfer.js.haml
update.js.haml