Age | Commit message | Author |
|
|
Rails5 fix format in uploads actions
Closes #46276
See merge request gitlab-org/gitlab-ce!19907
|
|
With text/calendar as Content-Type, the browser always downloads the
content as a file (even ignoring the Content-Disposition header). We
want to display the content inline when accessed from GitLab, similarly
to the RSS feed.
|
|
Resolve "Timeout searching group issues"
Closes #46648
See merge request gitlab-org/gitlab-ce!19429
|
|
Customizable favicon
Closes #15661
See merge request gitlab-org/gitlab-ce!14497
|
|
When filtering issues with a search string in a group, we observed on GitLab.com
that Postgres was using an inefficient query plan, preferring the (global)
trigram indexes on description and title, rather than using a filter on the
restricted set of issues within the group.
Change the callers of the IssuableFinder to use a CTE in this case to fence the
rest of the query from the LIKE filters, so that the optimiser is forced to
perform the filter in the order we prefer.
This will only force the use of a CTE when:
1. The use_cte_for_search params is truthy.
2. We are using Postgres.
3. We have passed the `search` param.
The third item is important - searching issues using the search box does not use
the finder in this way, but constructs a query and appends `full_search` to
that. For some reason, this query does not suffer from the same issue.
Currently, we only pass this param when filtering issuables (issues or MRs) in a
group context.
|
|
We had `item_project_ids` to help make slow queries on the dashboard faster, but
this isn't necessary any more - the queries are plenty fast, and we forbid
searching the dashboard without filters.
|
|
error page"
|
|
If you upload a file with a .js extension, Rails' cross-origin JavaScript
protection will prevent a user from downloading the file with a 422 error.
Setting the content-type to `text/plain` will allow the user to download
the file as a plaintext file.
Closes #45826
|
|
Backport of 1481-changing-weight-values-should-trigger-system-notes
See merge request gitlab-org/gitlab-ce!18699
|
|
`InternalRedirect` prevents Open redirect issues by only allowing
redirection to paths on the same host.
It cleans up any unwanted strings from the path that could point to
another host (e.g. //about.gitlab.com/hello), while preserving the
query string and fragment of the URI.
It is already used by:
- `TermsController`
- `ContinueParams`
- `ImportsController`
- `ForksController`
- `SessionsController`: Only for verifying the host in CE. EE allows
redirecting to a different instance using Geo.
|
|
This enforces the terms in the web application. These cases are
specced:
- Logging in: When terms are enforced, and a user logs in that has not
accepted the terms, they are presented with the screen. They get
directed to their customized root path afterwards.
- Signing up: After signing up, the first screen the user is presented
with is the screen to accept the terms. After they accept they are
directed to the dashboard.
- While a session is active:
- For a GET: The user will be directed to the terms page first,
after they accept the terms, they will be directed to the page
they were going to
- For any other request: They are directed to the terms, after they
accept the terms, they are directed back to the page they came
from to retry the request. Any information entered would be
persisted in localstorage and available on the page.
|
|
This commit replaces `params` with `safe_params` in `url_for` helpers
to resolve security issues [1] and failing specs with the
```
ArgumentError:
Attempting to generate a URL from non-sanitized request parameters!
An attacker can inject malicious data into the generated URL, such as
changing the host. Whitelist and sanitize passed parameters to be secure.
```
error.
[1]: https://gitlab.com/gitlab-org/gitlab-ce/issues/45168
|
|
Moves LDAP to its own controller with tests
Provides path forward for implementing GroupSaml
|
|
Embedded Snippets Support
Closes #8088
See merge request gitlab-org/gitlab-ce!15695
|
|
Make archived projects completely read-only
Closes #44788
See merge request gitlab-org/gitlab-ce!18136
|
|
This refactors the Markdown pipeline so it supports the rendering of
multiple documents that may belong to different projects. An example of
where this happens is when displaying the event feed of a group. In this
case we retrieve events for all projects in the group. Previously we
would group events per project and render these chunks separately, but
this would result in many SQL queries being executed. By extending the
Markdown pipeline to support this out of the box we can drastically
reduce the number of SQL queries.
To achieve this we introduce a new object to the pipeline:
Banzai::RenderContext. This object simply wraps two other objects: an
optional Project instance, and an optional User instance. On its own
this wouldn't be very helpful, but a RenderContext can also be used to
associate HTML documents with specific Project instances. This work is
done in Banzai::ObjectRenderer and allows us to reuse as many queries
(and results) as possible.
|
|
authenticates_with_two_factor.rb
Rails 5.0 raises `ArgumentError` if an unrecognised callback is skipped.
https://github.com/rails/rails/commit/8b88df94ebda2e829782f514ff51caeaf5e694dd
This commit adds `raise: false` to the filter.
|
|
File uploads on objects storage should use hashed storage
Closes #4952
See merge request gitlab-org/gitlab-ee!4597
|
|
Allow maintainers to push forks of a project for branches that have open MRs
Closes #22292
See merge request gitlab-org/gitlab-ce!17395
|
|
Ensure that OTP backup codes are always invalidated - 10.5 port
See merge request gitlab/gitlabhq!2324
|
|
In some situations (listing labels for epics) we want to
list only group ancestor labels. This is already supported
in LabelsFinder; we just need to enable additional parameters.
Also, the `set_issuables_index` method now loads project labels only if
@project is set (which is not used for epic group labels).
|
|
object-storage-ee-to-ce-backport
|
|
object-storage-ee-to-ce-backport
|
|
This reverts commit 54a575f1bbba44573ab92dc58a4242f1ee734c5d, reversing
changes made to c63af942e5baf7849a94fa99da8494bcba28e3f8.
|
|
Move uploads to object storage
Closes #4163
See merge request gitlab-org/gitlab-ee!3867
|
|
object-storage-ee-to-ce-backport
|
|
object-storage-ee-to-ce-backport
|
|
object-storage-ee-to-ce-backport
|