kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/app/views/projects/blob
History
Douwe Maan 742cee756b Merge branch 'jej-22869' into 'security' 
Fix information disclosure in `Projects::BlobController#update`

It was possible to discover private project names by modifying `from_merge_request`parameter in `Projects::BlobController#update`. This fixes that.

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

https://gitlab.com/gitlab-org/gitlab-ce/issues/22869

See merge request !2023
2016-11-28 21:25:18 -03:00
..
_actions.html.haml Improve diff performance by eliminating redundant checks for text blobs 2016-07-29 21:06:50 -07:00
_blob.html.haml Also pass ref here 2016-10-27 03:44:53 +08:00
_download.html.haml Add specs for showing lfs object in UI. 2015-12-07 15:03:50 +01:00
_editor.html.haml Unify dropdown button styles 2016-11-03 12:27:06 -05:00
_image.html.haml Limit the size of SVGs when viewing them as blobs 2016-08-15 13:42:52 +02:00
_new_dir.html.haml Change js-quick-submit behavior to expect the class on the form 2016-03-02 15:11:15 -05:00
_remove.html.haml Change js-quick-submit behavior to expect the class on the form 2016-03-02 15:11:15 -05:00
_text.html.haml add custom highlighting via .gitattributes 2016-06-27 14:17:49 -07:00
_upload.html.haml Cleaned up global namespace JS 2016-11-03 23:00:21 -05:00
diff.html.haml Add unfold links for Side-by-Side view 2016-08-04 09:09:59 +03:00
edit.html.haml Merge branch 'jej-22869' into 'security' 2016-11-28 21:25:18 -03:00
new.html.haml Move editor paths to helper 2016-08-19 16:17:14 +01:00
preview.html.haml Highlight note code and edit preview 2016-01-25 11:42:47 +01:00
show.html.haml Remove unnecessary parens 2016-06-30 16:01:26 +03:00