gitlab-org--gitlab-foss/spec
Douwe Maan 742cee756b Merge branch 'jej-22869' into 'security'
Fix information disclosure in `Projects::BlobController#update`

It was possible to discover private project names by modifying `from_merge_request` parameter in `Projects::BlobController#update`. This fixes that.

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

https://gitlab.com/gitlab-org/gitlab-ce/issues/22869

See merge request !2023
2016-11-28 21:25:18 -03:00
..
bin DRY up the specs for bin/changelog 2016-11-03 17:35:06 +00:00
config Make mail_room idle_timeout option configurable. 2016-11-16 12:46:37 +01:00
controllers Merge branch 'jej-22869' into 'security' 2016-11-28 21:25:18 -03:00
factories Merge remote-tracking branch 'upstream/master' into fix-cancelling-pipelines 2016-11-22 18:46:35 +08:00
features Merge branch 'jej-22869' into 'security' 2016-11-28 21:25:18 -03:00
finders Precalculate user's authorized projects in database 2016-11-18 20:25:45 +02:00
fixtures add parsing support for incoming html email 2016-11-17 11:59:44 +09:00
helpers Refactor issuable_filters_present to reduce duplications 2016-11-28 14:48:03 +05:00
initializers
javascripts Merge branch 'zen-mode-fixture' into 'master' 2016-11-28 17:52:02 +00:00
lib Merge branch 'timeout-merge-request-for-binary-file' into 'master' 2016-11-25 16:19:03 +00:00
mailers Use `Gitlab.config.gitlab.host` over `'localhost'` 2016-11-18 20:17:10 +08:00
models Pass tag SHA to post-receive hook when tag is created via UI 2016-11-28 15:04:51 +01:00
policies Added tests for IssuePolicy 2016-11-07 12:49:24 +01:00
requests Merge branch 'zj-fix-label-creation-non-members' into 'security' 2016-11-28 21:24:19 -03:00
routing Add nested groups support to the routing 2016-11-23 14:08:36 +02:00
serializers Merge branch 'zj-upgrade-grape' into 'master' 2016-11-25 04:05:17 +00:00
services Merge branch 'zj-fix-label-creation-non-members' into 'security' 2016-11-28 21:24:19 -03:00
support Merge branch 'dynamic-build-fixture' into 'master' 2016-11-28 16:43:46 +00:00
tasks/gitlab Introduce better credential and error checking to `rake gitlab:ldap:check` 2016-11-08 15:46:10 -06:00
uploaders
views Prevent error when submitting a merge request and pipeline is not defined 2016-11-28 12:03:59 +01:00
workers Refresh project authorizations using a Redis lease 2016-11-25 13:35:01 +01:00
factories_spec.rb
rails_helper.rb
rake_helper.rb Add Rake task to create/repair GitLab Shell hooks symlinks 2016-11-01 14:52:59 -05:00
simplecov_env.rb
spec_helper.rb Refine specs for build show page with environments 2016-11-09 19:40:25 +01:00
teaspoon_env.rb