| Age | Commit message (Collapse) | Author |
|---|
|
|
|
[ci skip]
|
|
Updated Turbolinks to patched version of turbolinks-classic
See merge request !2048
|
|
Update the gitlab-markup gem to the version `1.5.1`
See merge request !8509
|
|
|
|
[ci skip]
|
|
The specs on the cherry-picked MR were counting on a behaviour that
was added on https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7843
(an 8.15 MR). We backport the relevant code.
|
|
Filter `incoming_email_token` and `runners_token` parameters
Closes https://dev.gitlab.org/gitlab/gitlabhq/issues/2676
See merge request !2045
|
|
Issue#visible_to_user moved to IssuesFinder
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24637.
See merge request !2039
|
|
Fix missing Note access checks in by moving Note#search to updated NoteFinder
Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
## Which fixes are in this MR?
:warning: - Potentially untested
:bomb: - No test coverage
:traffic_light: - Test coverage of some sort exists (a test failed when error raised)
:vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
:white_check_mark: - Permissions check tested
### Note lookup without access check
- [x] :white_check_mark: app/finders/notes_finder.rb:13 :download_code check
- [x] :white_check_mark: app/finders/notes_finder.rb:19 `SnippetsFinder`
- [x] :white_check_mark: app/models/note.rb:121 [`Issue#visible_to_user`]
- [x] :white_check_mark: lib/gitlab/project_search_results.rb:113
- This is the only use of `app/models/note.rb:121` above, but importantly has no access checks at all. This means it leaks MR comments and snippets when those features are `team-only` in addition to the issue comments which would be fixed by `app/models/note.rb:121`.
- It is only called from SearchController where `can?(current_user, :download_code, @project)` is checked, so commit comments are not leaked.
### Previous discussions
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_13_13 `: download_code` check on commit
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b915c5267a63628b0bafd23d37792ae73ceae272_19_19 `SnippetsFinder` should be used
- `SnippetsFinder` should check if the snippets feature is enabled -> https://gitlab.com/gitlab-org/gitlab-ce/issues/25223
### Acceptance criteria met?
- [x] Tests added for new code
- [x] TODO comments removed
- [x] Squashed and removed skipped tests
- [x] Changelog entry
- [ ] State Gitlab versions affected and issue severity in description
- [ ] Create technical debt issue for NotesFinder.
- Either split into `NotesFinder::ForTarget` and `NotesFinder::Search` or consider object per notable type such as `NotesFinder::OnIssue`. For the first option could create `NotesFinder::Base` which is either inherited from or which can be included in the other two.
- Avoid case statement anti-pattern in this finder with use of `NotesFinder::OnCommit` etc. Consider something on the finder for this? `Model.finder(user, project)`
- Move `inc_author` to the controller, and implement `related_notes` to replace `non_diff_notes`/`mr_and_commit_notes`
See merge request !2035
|
|
API: Memoize the current_user so that the sudo can work properly
Closes #25482
See merge request !8017
|
|
Encode when migrating ProcessCommitWorker jobs
## What does this MR do?
This adds encoding logic to the migration for ProcessCommitWorker, ensuring it doesn't throw errors when the input can not be converted to UTF-8 without extra help.
## What are the relevant issue numbers?
https://gitlab.com/gitlab-org/gitlab-ce/issues/25489
See merge request !8064
|
|
Fix Crontab typo for PruneOldEventsWorker to run 4x/day instead of 60x/hour
In c0a92cb8 the intended cron setting (per the comment) was to be "4 times a day", a * instead of a 0 means it runs 60x/hr 4x/day.
Closes #25571
See merge request !8051
|
|
Displays milestone remaining days only when it's present
See merge request !7998
|
|
Use a single query in Projects::ProjectMembersController to fetch members
See merge request !7997
|
|
Fixed timeago re-rendering every element
## What does this MR do?
Fixes an issue when new notes are added timeago will be initialised for every timeago element on the page again and therefore adding more timeouts.
See merge request !7969
|
|
Allow branch names with dots on API endpoint
closes #25030
See merge request !7963
|
|
Avoid escaping relative links in Markdown twice
## What does this MR do?
Avoid escaping relative links in Markdown twice.
## Why was this MR needed?
Relative links with special characters (e.g. spaces) were escaped twice.
## What are the relevant issue numbers?
closes #25191, #25318
See merge request !7940
|
|
'25171-fix-mr-features-settings-hidden-when-builds-are-disabled' into 'master'
Remove wrong '.builds-feature' class from the MR settings fieldset
Closes #25171
See merge request !7930
|
|
|
|
Correct autocomplete for values with special characters
This adds a check for any special chars in any value passed to the `DefaultOptions.beforeInsert` callback function. If special chars are found and `skipSpecialCharTest` option is `false`, it will wrap the value in quotation marks.
This fixed autocompleting `~customer+` instead of `~"customer+"`.
- [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
- [ ] Added for this feature/bug
- [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
Closes #25286, #24961
See merge request !7910
|
|
Shows group members in the project members list
Closes #24122
See merge request !7899
|
|
fix display hook error message
## What does this MR do?
Fix hook error message display.
## Are there points in the code the reviewer needs to double check?
Probably Hook will return the plain multi line text. It is better `pre` tag than `h4`.
I thought of another good looking display, but I did not come up with it. :sweat:
## Why was this MR needed?
When the hook returns an STDERR, "Merge in progress" button spinning forever. Due to javascript's error.
## Screenshots (if relevant)
When update hook returns an error like
```
XXXXXXXX
YYYYYYYY
ZZZZZZZZ
```
## What are the relevant issue numbers?
Closes #24020
See merge request !7775
|
|
'master'
Remove 'Leave Project' and 'Leave Group' from settings dropdowns
## What does this MR do?
Removes `Leave Project` and `Leave Group` from the settings dropdown.
Adds it to the `views/shared/members/access_request_buttons.html.haml`.
## Are there points in the code the reviewer needs to double check?
## Why was this MR needed?
## Screenshots (if relevant)
## Does this MR meet the acceptance criteria?
- [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
- [ ] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
## What are the relevant issue numbers?
Closes #23305
See merge request !7600
|
|
|
|
[ci skip]
|
|
|
|
Make the `downtime_check` task happy
See merge request !7845
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
Reenables the API /users to return `private-token` when sudo is either a parameter or passed as a header and the user is admin.
Closes #24537
See merge request !7615
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
Replace MR access checks with use of MergeRequestsFinder
Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867
:warning: - Potentially untested
:bomb: - No test coverage
:traffic_light: - Test coverage of some sort exists (a test failed when error raised)
:vertical_traffic_light: - Test coverage of return value (a test failed when nil used)
:white_check_mark: - Permissions check tested
- [x] :bomb: app/finders/notes_finder.rb:17
- [x] :warning: app/views/layouts/nav/_project.html.haml:80 [`.count`]
- [x] :bomb: app/controllers/concerns/creates_commit.rb:84
- [x] :traffic_light: app/controllers/projects/commits_controller.rb:24
- [x] :traffic_light: app/controllers/projects/compare_controller.rb:56
- [x] :vertical_traffic_light: app/controllers/projects/discussions_controller.rb:29
- [x] :white_check_mark: app/controllers/projects/todos_controller.rb:27
- [x] :vertical_traffic_light: app/models/commit.rb:268
- [x] :white_check_mark: lib/gitlab/search_results.rb:71
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)`
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`.
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use of unchecked `merged_merge_request?`
See merge request !2033
|
|
Don't accidentally mark unsafe diff lines as HTML safe
Fixes potential XSS issue when a legacy diff note is created on a merge
request whose diff contained HTML
See https://gitlab.com/gitlab-org/gitlab-ce/issues/25249
See merge request !2040
|
|
Add authentication_token to filter_parameters list
See merge request !2041
|
|
Destroy a user session when they delete their own account via browser
This patch destroys a user's session when they delete their own account
using a browser. A new session is created as they are redirected to the
sign_in page.
Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015
See merge request !2042
|
|
Bump gitlab-shell version to 4.0.3
See merge request !7953
|
|
Remove caching of Repository#has_visible_content?
This MR removes the caching of `Repository#has_visible_content?`. The cache for this method is no longer necessary and this should solve the problem described in https://gitlab.com/gitlab-org/gitlab-ce/issues/25278.
See merge request !7947
|
|
Authorize users into imported GitLab project
https://gitlab.com/gitlab-com/support-forum/issues/1313
See merge request !7936
|
|
Fix compatibility with Internet Explorer 11 for merge requests
## What does this MR do?
This merge request restores the compatibility with Internet Explorer 11.
## Are there points in the code the reviewer needs to double check?
No.
## Why was this MR needed?
Commit ca3c0c6cd915d44ec2d409b04ab05d964bd5a403 introduced an incompatibility with Internet Explorer 11. On all merge requests in all projects the 'Changes' tab does not display the changes in IE11 but instead fails with 'Something went wrong on our end'. The reason ist, that this code snipped produces different results on Firefox and Internet Explorer 11:
```
var element = document.createElement('a');
element.href = '/some/absolute/url';
alert(element.pathname);
```
With Internet Explorer 11 the alert will print a relative path, whereas with Firefox the alert will print an absolute path. For GitLab this meant that a wrong AJAX URL was composed which resulted in a 404.
## Screenshots (if relevant)
None.
## Does this MR meet the acceptance criteria?
- [X] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
- [X] Added for this feature/bug
- [ ] All builds are passing
- [X] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [X] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
## What are the relevant issue numbers?
#23977
#24380
See merge request !7525
|
|
Pipelines tabs
## What does this MR do?
Changes the URL when the builds tab is clicked making it possible to be shared.
1. Adds a standard way to handle linked tabs:
* This behaviour is already present in the merge requests, commit and user `show` page.
* This MR introduces a reusable way to accomplish this behaviour for pages with static content.
2. Adds test:
* For the linked tabs reusable class
* For the pipelines tabs
## Why was this MR needed?
To allow having a sharable URL that represented the opened tab
## Does this MR meet the acceptance criteria?
- [x] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
## What are the relevant issue numbers?
Closes #24814
See merge request !7709
|
|
Resolve "Highlighting lines is broken"
Add line highlighting back to diff view. This was working in the MR "changes" tab, but not on a commit page such as https://gitlab.com/winniehell/reproduction-area/commit/9101e66f5761929002956e0f2dd65d7f8643903d
~~This MR also fixes the `scrollToElement` method in `MergeRequestTabs` to account for the extra height of the tab links which are now fixed in place once they are scrolled to the top of the screen.~~ (removed in favor of !7051)
This MR also refactors much of the `Diff` and `MergeRequestTabs` classes to es6 syntax in an effort to increase readability.
Check out both MR "change" tabs and commit diff pages and ensure that line highlighting works and that loading a page with one of these permalink hashes correctly highlights and scrolls to the line.
Ensure I didn't break anything in the transition to es6 syntax. Check the functionality of the tabs on MR pages, as well as diff page interactivity (unfolding hidden lines in diff files, adding comments to diffs, etc). I have checked these myself, but another set of eyes would be a good idea.
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
- [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
Closes #23696
See merge request !7090
|
|
Fix pipeline author for Slack and use pipeline id for pipeline link
[Context](https://gitlab.slack.com/archives/runner-builds/p1479238493000018)
Pipeline Slack message:
> gitlab-org/gitlab-ci-multi-runner: Pipeline 8bed2a3b of fix/handle-failed-state-while-patching-trace branch by failed in 1389 seconds
Quotes:
> @godfat Take a look at these notifications, they seems to be missing author and should probably use Pipeline ID instead of SHA
See merge request !7506
|
|
|
|
[ci skip]
|
|
|
|
'25251-actionview-template-error-undefined-method-text-for-nil-nilclass' into 'master'
Fixes ActionView::Template::Error: undefined method `text?` for nil:NilClass
Closes #25251
See merge request !7893
|
|
Fix URL rewritting in the Help section
Closes #25199
See merge request !7875
|
|
Fix GitHub importer to import PR where source repo/fork was renamed/deleted
Closes #24594
See merge request !7865
|
|
'24669-merge-request-dashboard-page-takes-over-a-minute-to-load' into 'master'
Resolve "Merge request dashboard page takes over a minute to load"
See merge request !7760
|
|
Pass commit data to ProcessCommitWorker
This changes `ProcessCommitWorker` so that it takes a Hash containing commit data instead of a commit SHA. This means the worker doesn't have to access Git just to process a commit message (and other data it may use). This in turn should solve the problem of ending up with 15 000-something jobs in the `process_commit` queue that take forever to process.
See merge request !7744
|
|
Allow dots in group names to pass validation for Create Group and Edit Group forms
## What does this MR do?
Allows dots within group names to pass form validation when creating or editing a group.
## Are there points in the code the reviewer needs to double check?
Nope, pretty straight forward.
## Why was this MR needed?
Although group names with dots are allowed, our frontend validation mistakenly invalidates them
## Screenshots (if relevant)
#### Before:
#### After:
## Does this MR meet the acceptance criteria?
- [ ] ~~[Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added~~
- [ ] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- [ ] ~~API support added~~
- Tests
- [ ] Added for this feature/bug
- [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
## What are the relevant issue numbers?
Related to: #24622
Closes #24903
See merge request !7723
|
