diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-11-01 23:18:51 +0300 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-11-09 14:25:17 +0300 |
| commit | bf061d0aff091a73611037b811cea2d3380962f4 (patch) | |
| tree | 11294b9f8d9b321f597c268bd4846ffd5b99f6e9 /app/policies | |
| parent | 79d94b167999544086db235602a9213a2d37831e (diff) | |
Merge branch 'issue_23548_dev' into 'master'
disable markdown in comments when referencing disabled features
fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548
This MR prevents the following references when tool is disabled:
- issues
- snippets
- commits - when repo is disabled
- commit range - when repo is disabled
- milestones
This MR does not prevent references to repository files, since they are just markdown links and don't leak
information.
See merge request !2011
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'app/policies')
| -rw-r--r-- | app/policies/issue_policy.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/policies/issue_policy.rb b/app/policies/issue_policy.rb index 52fa33bc4b0..88f3179c6ff 100644 --- a/app/policies/issue_policy.rb +++ b/app/policies/issue_policy.rb @@ -1,4 +1,8 @@ class IssuePolicy < IssuablePolicy + # This class duplicates the same check of Issue#readable_by? for performance reasons + # Make sure to sync this class checks with issue.rb to avoid security problems. + # Check commit 002ad215818450d2cbbc5fa065850a953dc7ada8 for more information. + def issue @subject end |