Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorYorick Peterse <yorickpeterse@gmail.com>2019-02-27 17:19:26 +0300
committerYorick Peterse <yorickpeterse@gmail.com>2019-02-27 17:19:26 +0300
commit0a328bc5f75ea5f161f686b2559c081eec27f130 (patch)
treeb96ff1ef0ff118c8bb8890e090116f62e241e052 /app
parenteeb1974aadefe0622d2a1633a778b2c498587752 (diff)
parentb6e06b155964af3437b227e19fc80e7c96bd5ee6 (diff)
Merge branch 'security-issue_54789_2-11-8' into '11-8-stable'
[11.8] Prevent disclosing project milestone titles See merge request gitlab/gitlabhq!2973
Diffstat (limited to 'app')
-rw-r--r--app/controllers/projects/autocomplete_sources_controller.rb2
1 files changed, 2 insertions, 0 deletions
diff --git a/app/controllers/projects/autocomplete_sources_controller.rb b/app/controllers/projects/autocomplete_sources_controller.rb
index 9c130af8394..0e3f13045ce 100644
--- a/app/controllers/projects/autocomplete_sources_controller.rb
+++ b/app/controllers/projects/autocomplete_sources_controller.rb
@@ -1,6 +1,8 @@
# frozen_string_literal: true
class Projects::AutocompleteSourcesController < Projects::ApplicationController
+ before_action :authorize_read_milestone!, only: :milestones
+
def members
render json: ::Projects::ParticipantsService.new(@project, current_user).execute(target)
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 03:08:46 +0300