kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/app/views/projects/diffs
History
Douwe Maan 742cee756b Merge branch 'jej-22869' into 'security' 
Fix information disclosure in `Projects::BlobController#update`

It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that.

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

https://gitlab.com/gitlab-org/gitlab-ce/issues/22869

See merge request !2023
 		2016-11-28 21:25:18 -03:00
..
_content.html.haml Fix Error 500 when creating a merge request that contains an image that was deleted and added 2016-11-14 15:57:01 +01:00
_diffs.html.haml Unify anchor link format for MR diff files !7298 2016-11-15 20:51:21 +03:00
_file.html.haml Merge branch 'jej-22869' into 'security' 2016-11-28 21:25:18 -03:00
_file_header.html.haml Add width to caret to rid ourselves of the shift 2016-11-04 18:04:26 +06:00
_image.html.haml
_line.html.haml Remove an extra leading space from diff content 2016-11-04 14:05:49 +09:00
_parallel_view.html.haml Fix horizontal padding for highlight blocks 2016-10-25 16:06:10 -05:00
_stats.html.haml Unify anchor link format for MR diff files !7298 2016-11-15 20:51:21 +03:00
_text_file.html.haml
_warning.html.haml