| Age | Commit message (Collapse) | Author |
|---|
|
Fix some issues with Google Code importer
Thanks, @mrtux, for reporting all of these.
See merge request !551
|
|
Revert and re-fix image rendering in help pages
Closes #2212
See merge request !1765
|
|
Remove access control for uploaded images to fix broken images in emails
Replaces !530.
> This MR removes the access control for uploaded images. This is needed to display the images in emails again.
>
> The previous solution to base64 encode the images had to be reverted, because not all email clients supported it.
>
> If possible this should go into the 7.10 release.
See merge request !533
|
|
Decrease memory use and increase performance of Google Code importer.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2241.
See merge request !536
|
|
|
|
Don't crash when project repository doesn't exist.
See merge request !524
|
|
Don't leak existence of group or project via search.
Fixes gitlab/gitlab-ee#266.
See merge request !1762
|
|
Allow users to be invited.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2058.
The "Add members" panes for both Group Members and Project Members have gained a line of text by the People field.
Entering an email address that is not already a member will give you the option to invite them.
Choosing the option will add them to the People field. This works the right way (TM) in combination with adding existing users as members.
The invited member will be shown in the members list as such. The access level can be changed, and the invite can be revoked by deleting the member.
The invited user will receive an email with an "Accept invitation" link.
If they're not already logged in, clicking this link will redirect them to the sign in/up page with a helpful notice.
Signing in or signing up will redirect them back to the invite detail page, where they can actually accept the invitation, which will update the member record in question to point to the user in question.
Accepting the invitation will redirect them to the group (or project) with an appropriate notice.
As currently, they will also receive this information by email.
At the same time, the person who initially invited the email address is sent a notification as well, so they know of the new member and to tell them what name the user signed up with.
The member row on the Members page will now have been updated with the new user account.
See merge request !500
|
|
Import projects from Google Code.
Resolves #1257.
Issue import logic almost entirely taken from https://gitlab.com/o9000/google-code-to-gitlab ( :hearts: @o9000).
### To do
- [x] List projects from Google Takeout file
- [x] Import Git repository
- [x] Import issues
- [x] Link to correct attachment URL (https://code.google.com/p/support-tools/issues/detail?id=50)
- [x] Handle deleted attachments
- [x] Handle blockedOn attribute
- [x] Add directions on how to get data from Google Takeout
### Import instructions
### Imported issue
See merge request !471
|
|
|
|
|
|
Fix directory traversal vulnerabilities
Fixes gitlab/gitlab-ee#272.
As @joern mentions:
> This is not exploitable via the front-end nginx. But nevertheless this issue should be addressed.
See merge request !1760
|
|
|
|
This commit allows user to show one of their emails in profile page,
or don't show email in this page.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Skip email confirmation when set by admin or via LDAP.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2203.
See merge request !494
|
|
Allow admin to create public deploy keys that are accessible to any project.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/1774.
Project settings:
The "Public deploy keys" section is only shown when there are any. If there are public deploy keys but no project deploy keys, only public deploy keys are shown. If there are no public deploy keys and no project deploy keys, the current "Deploy keys from projects you have access to will be displayed here" placeholder is shown.
The list of projects below the public key has been changed to only show projects the user has access to.
"Public deploy key" seems to be repeated on the left, but the first is just the title. The label is always visible for public deploy keys.
Admin index:
Admin detail page:
Projects using the deploy key are listed on the left and can be disabled easily.
See merge request !469
|
|
Fix persistent XSS vulnerability around profile website URLs.
Fixes gitlab/gitlab-ee#268
See merge request !1761
|
|
Upon successful login, clear `reset_password_token` field
Closes #1942
See merge request !1757
|
|
|
|
|
|
|
|
|
|
Closes #1942
|
|
Fix bug where Wiki pages that include a '/' were no longer accessible
### What does this MR do?
This MR fixes a regression that caused Wiki pages that included a '/' to no longer be accessible.
### Are there points in the code the reviewer needs to double check?
Are there cases that `wiki_helper.rb` doesn't handle?
### Why was this MR needed?
The upgrade from Rails v4.1.2 to v4.1.9 (76aad9b76ed) caused slashes in a model ID to be escaped automatically. We can no longer use the built-in the URL helpers to generate the links for Wiki pages if we want to maintain support for slashes. There is no option to tell the formatter otherwise:
http://stackoverflow.com/questions/25031791/rails-4-1-2-to-param-escapes-slashes-and-breaks-app
The Rails code in question is here:
https://github.com/rails/rails/blob/4-1-stable/actionpack/lib/action_dispatch/journey/visitors.rb#L159
### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
#1363
See merge request !502
|
|
Render a 404 when RefsController#logs_tree gets an HTML request
Fixes #2152
See merge request !1748
|
|
Closes #1363
|
|
Fixes #2152
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Support configurable attachment size in Application Settings page
### What does this MR do?
This MR provides the ability to configure the maximum size of an attachment inside a note. A parameter has been added to the Application Settings page.
### Are there points in the code the reviewer needs to double check?
What should be done with the legacy note attachment validation? I added code to make the validation work with the configurable setting. I could see an issue where an admin lowers the limit from 10 megabytes to 5 megabytes, which could cause an existing model to be invalid.
### Why was this MR needed?
We often have attachments that exceed 10 MB, and it would be nice to be able to override the defaults.
### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
See Issue #1258
### Screenshots
Before:
After:
See merge request !407
|
