Merge branch 'fix/unauthorized-access-to-build-data' into 'master'

Remove 'unscoped' from project builds selection This is a fix for this security bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/18188 /cc @kamil @grzegorz @stanhu See merge request !1968
author: Douwe Maan <douwe@gitlab.com> 2016-06-06 11:59:06 +0300
committer: Tomasz Maczukin <tomasz@maczukin.pl> 2016-06-14 16:30:16 +0300
commit: 6d88aabd7c6e0a7a71903617429e7a7aa0101b48 (patch)
tree: bc9be7e85986a203f1eb97d44facad169d5df9a5 /app
parent: 680453b740e6ae4ab1be6cba6b602adf6e704043 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index 4638f77b887..3551f7fbd97 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -77,7 +77,7 @@ class Projects::BuildsController < Projects::ApplicationController
   private
 
   def build
-    @build ||= ci_project.builds.unscoped.find_by!(id: params[:id])
+    @build ||= ci_project.builds.find_by!(id: params[:id])
   end
 
   def artifacts_file
author	Douwe Maan <douwe@gitlab.com>	2016-06-06 11:59:06 +0300
committer	Tomasz Maczukin <tomasz@maczukin.pl>	2016-06-14 16:30:16 +0300
commit	6d88aabd7c6e0a7a71903617429e7a7aa0101b48 (patch)
tree	bc9be7e85986a203f1eb97d44facad169d5df9a5 /app
parent	680453b740e6ae4ab1be6cba6b602adf6e704043 (diff)