Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-05-01 | Allow `graphs` & `refs` project names | Bob Van Landuyt | |
2017-05-01 | Minor style adjustments | Bob Van Landuyt | |
2017-05-01 | Use `%r{}` regexes to avoid having to escape `/` | Bob Van Landuyt | |
2017-05-01 | The dynamic path validator can block out partial paths | Bob Van Landuyt | |
So we can block `objects` only when it is contained in `info/lfs` or `gitlab-lfs` | |||
2017-05-01 | Make path validation case-insensitive | Bob Van Landuyt | |
2017-05-01 | Reject `-` as a path | Bob Van Landuyt | |
2017-05-01 | Rename `NamespaceValidator` to `DynamicPathValidator` | Bob Van Landuyt | |
This reflects better that it validates paths instead of a namespace model | |||
2017-05-01 | Use the namespace validator for validating all paths | Bob Van Landuyt | |
Since the namespacevalidator now knows the difference between a top-level and another path, this could all be handled there. | |||
2017-05-01 | Check `has_parent?` for determining validation type | Bob Van Landuyt | |
2017-05-01 | Split off validating full paths | Bob Van Landuyt | |
The first part of a full path needs to be validated as a `top_level` while the rest need to be validated as `wildcard` | |||
2017-05-01 | Improve detection of reserved words from routes | Bob Van Landuyt | |
2017-05-01 | Streamline the path validation in groups & projects | Bob Van Landuyt | |
`Project` uses `ProjectPathValidator` which is now a `NamespaceValidator` that skips the format validation. That way we're sure we are using the same collection of reserved paths. I updated the path constraints to reflect the changes: We now allow some values that are only used on a top level namespace as a name for a nested group/project. | |||
2017-05-01 | Add forbidden paths to the namespace validator | Bob Van Landuyt | |
2017-05-01 | Disallow some more namespaces | Bob Van Landuyt | |
These routes seem to be taken | |||
2017-04-06 | Rename cron_time_zone to cron_timezone. Separate add_concurrent_foreign_key. | Shinya Maeda | |
2017-04-06 | Separate cron_valid? and cron_time_zone_valid? | Shinya Maeda | |
2017-04-06 | Move Ci::CronParser to Gitlab::Ci::CronParser | Shinya Maeda | |
2017-04-06 | Add Import/Export Setting for trigger_schedule. Remove ref validation. | Shinya Maeda | |
2017-04-06 | Fix rubocop issues. Use add_concurrent_foreign_key. | Shinya Maeda | |
2017-04-06 | Add validator | Shinya Maeda | |
2017-03-21 | Merge branch 'ssrf' into 'security' | Douwe Maan | |
Protect server against SSRF in project import URLs See merge request !2068 | |||
2017-03-13 | Reserve few project and nested group paths | Dmitriy Zaporozhets | |
That have wildcard routes associated and not reserved yet: artifacts, graphs, badges and refs Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | |||
2017-03-07 | Restrict nested group names to prevent ambiguous routes | Dmitriy Zaporozhets | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | |||
2017-02-24 | Introduce DurationValidator, feedback: | Lin Jen-Shin | |
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9219#note_24032923 | |||
2017-02-23 | Enable Style/MutableConstant | Douwe Maan | |
2017-02-01 | Fix certificate validators | Kamil Trzcinski | |
2017-02-01 | Implement proper verification of certificate's public_key against the ↵ | Kamil Trzcinski | |
private_key | |||
2017-02-01 | Initial work on GitLab Pages update | Kamil Trzcinski | |
2017-01-06 | Whitelist next project names: assets, profile, public | Dmitriy Zaporozhets | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | |||
2016-12-21 | Whitelist next project names: notes, services | Dmitriy Zaporozhets | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | |||
2016-12-21 | Whitelist next project names: help, ci, admin, search | Dmitriy Zaporozhets | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | |||
2016-12-21 | Allow projects with dashboard as path | Dmitriy Zaporozhets | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | |||
2016-11-23 | Add nested groups support to the routing | Dmitriy Zaporozhets | |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | |||
2016-10-11 | Add `robots.txt` to the list of reserved namespaces | Nick Thomas | |
2016-09-29 | Add '.well-known' to the list of reserved namespaces | Robert Speicher | |
See https://gitlab.com/gitlab-org/gitlab-ce/issues/22759 | |||
2016-07-01 | refactor url validator to use sanitizer for check | James Lopez | |
2016-06-30 | few more changes from suggestions | James Lopez | |
2016-06-30 | few changes based on feedback | James Lopez | |
2016-06-24 | added more info on how addressable URI differs from what we use in UrlValidator | James Lopez | |
2016-06-23 | updated validator based on feedback | James Lopez | |
2016-06-20 | fix comment | James Lopez | |
2016-06-20 | fixed a few MySQL issues and added changelog | James Lopez | |
2016-06-20 | started working on a migration for projects that have current import_url issues | James Lopez | |
2016-06-20 | fix addressable url validator | James Lopez | |
2016-06-17 | fixing URL validation for import_url on projects | James Lopez | |
2016-02-26 | Allow webhooks URL to have leading and trailing spaces | evuez | |
2016-02-09 | Re-add EmailValidator to avoid the repetition of format: { with: ↵ | Rémy Coutable | |
Devise.email_regexp } | |||
2016-02-09 | Validate email addresses using Devise.email_regexp | Rémy Coutable | |
Also: - Get rid of legacy :strict_mode - Get rid of custom :email validator - Add some shared examples to spec emails validation | |||
2016-01-08 | Blacklist 'new' | Robert Schilling | |
2015-12-08 | Inline Gitlab::Blacklist in NamespaceValidator | Robert Speicher | |