diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-06-06 11:59:06 +0300 |
---|---|---|
committer | Tomasz Maczukin <tomasz@maczukin.pl> | 2016-06-14 16:30:16 +0300 |
commit | 6d88aabd7c6e0a7a71903617429e7a7aa0101b48 (patch) | |
tree | bc9be7e85986a203f1eb97d44facad169d5df9a5 /app | |
parent | 680453b740e6ae4ab1be6cba6b602adf6e704043 (diff) |
Merge branch 'fix/unauthorized-access-to-build-data' into 'master'
Remove 'unscoped' from project builds selection
This is a fix for this security bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/18188
/cc @kamil @grzegorz @stanhu
See merge request !1968
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/builds_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb index 4638f77b887..3551f7fbd97 100644 --- a/app/controllers/projects/builds_controller.rb +++ b/app/controllers/projects/builds_controller.rb @@ -77,7 +77,7 @@ class Projects::BuildsController < Projects::ApplicationController private def build - @build ||= ci_project.builds.unscoped.find_by!(id: params[:id]) + @build ||= ci_project.builds.find_by!(id: params[:id]) end def artifacts_file |