diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-03-04 21:36:30 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-03-04 21:36:30 +0300 |
commit | d21a6a45882f873db7aeab736d6bd30c362fde4a (patch) | |
tree | 4c3647221512cc5e8c69f78289faa2f7fee8db21 /app | |
parent | 383490a31376eb1bc6eb0617a454d1721c9280a1 (diff) | |
parent | 7e83acb8a2f7fe4a0c0acd6769114e0593c677bb (diff) |
Merge branch 'security-issue_54789_2' into 'master'
[master] Prevent disclosing project milestone titles
Closes #2794
See merge request gitlab/gitlabhq!2965
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/autocomplete_sources_controller.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/app/controllers/projects/autocomplete_sources_controller.rb b/app/controllers/projects/autocomplete_sources_controller.rb index 9c130af8394..0e3f13045ce 100644 --- a/app/controllers/projects/autocomplete_sources_controller.rb +++ b/app/controllers/projects/autocomplete_sources_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class Projects::AutocompleteSourcesController < Projects::ApplicationController + before_action :authorize_read_milestone!, only: :milestones + def members render json: ::Projects::ParticipantsService.new(@project, current_user).execute(target) end |