Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorYorick Peterse <yorickpeterse@gmail.com>2019-03-04 21:36:30 +0300
committerYorick Peterse <yorickpeterse@gmail.com>2019-03-04 21:36:30 +0300
commitd21a6a45882f873db7aeab736d6bd30c362fde4a (patch)
tree4c3647221512cc5e8c69f78289faa2f7fee8db21 /app
parent383490a31376eb1bc6eb0617a454d1721c9280a1 (diff)
parent7e83acb8a2f7fe4a0c0acd6769114e0593c677bb (diff)
Merge branch 'security-issue_54789_2' into 'master'
[master] Prevent disclosing project milestone titles Closes #2794 See merge request gitlab/gitlabhq!2965
Diffstat (limited to 'app')
-rw-r--r--app/controllers/projects/autocomplete_sources_controller.rb2
1 files changed, 2 insertions, 0 deletions
diff --git a/app/controllers/projects/autocomplete_sources_controller.rb b/app/controllers/projects/autocomplete_sources_controller.rb
index 9c130af8394..0e3f13045ce 100644
--- a/app/controllers/projects/autocomplete_sources_controller.rb
+++ b/app/controllers/projects/autocomplete_sources_controller.rb
@@ -1,6 +1,8 @@
# frozen_string_literal: true
class Projects::AutocompleteSourcesController < Projects::ApplicationController
+ before_action :authorize_read_milestone!, only: :milestones
+
def members
render json: ::Projects::ParticipantsService.new(@project, current_user).execute(target)
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-09 18:14:49 +0300