| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
Protect OmniAuth request phase against CSRF.
Addresses #2268.
See merge request !1793
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Use task_list gem for task lists
Task Lists can now be used in comments, and they'll render in previews. :clap:
Closes internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2271
See merge request !599
|
|
|
|
|
|
|
|
|
|
Update config.yml.example
See merge request !597
|
|
Add application setting to restrict user signups to e-mail domains
This feature was requested long ago:
http://feedback.gitlab.com/forums/176466-general/suggestions/4118466-ability-to-register-only-from-ceratain-domains
This MR is based off !253 but changed to use application settings and use wildcard strings
to give more flexibility in pattern matching. Regexps seemed overkill and prone to mistakes.
Also note that validation is ONLY done on creation to prevent breaking existing users who do not have a whitelisted domain. However, this allows a user to sign-up and change his/her email to a non-whitelisted domain.
Screenshots:
See merge request !598
|
|
This feature was requested long ago:
http://feedback.gitlab.com/forums/176466-general/suggestions/4118466-ability-to-register-only-from-ceratain-domains
This MR is based off !253 but changed to use application settings and use wildcard strings
to give more flexibility in pattern matching. Regexps seemed overkill and easy to get wrong.
Only restrict e-mail addresses upon creation
|
|
|
|
sent through Devise
Fix test case that was passing due to a broken `around` statement.
Closes #1556
|
|
Fix bug where commit data would not appear in some subdirectories
Fix issue where commit data would not show up in some subdirectories due to escaped slashes. For example:
https://gitlab.common-lisp.net/ecl/ecl/tree/develop/src/gc (now patched with fix)
The upgrade from Rails v4.1.2 to v4.1.9 (76aad9b76ed) caused slashes in a tree to be escaped automatically. Using a wildcard glob in the route prevents this behavior.
* Closes #1478, #1459
* Closes https://github.com/gitlabhq/gitlabhq/issues/9037
See merge request !581
|
|
Remove duplicate settings for default_url_options
Closes #2269
See merge request !1797
|
|
The upgrade from Rails v4.1.2 to v4.1.9 (76aad9b76ed) caused slashes in a tree to be escaped automatically.
Using wildcard globs prevents this behavior.
Closes #1478, #1459
|
|
Add new global application settings for default project and snippet
visibility levels.
|
|
|
|
|
|
Add project activity atom feed and show atom feed buttons everywhere where applicable.
See merge request !555
|
|
Fixes #2266
|
|
|
|
Fix two places where we should be using `Rails.env.development?`
See merge request !550
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Conflicts:
app/controllers/snippets_controller.rb
|
|
"Reply quoting selected text" shortcut/hotkey
Adds the <kbd>r</kbd> hotkey for quoting selected text on Issuable forms.
This MR also updates the jasmine gem and adds jasmine-rails to let us use the asset pipeline (and Coffeescript) in JS specs.
See merge request !1775
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This reverts commit d365004e684e98459061fcd5fbaf9bea880934a8.
|
|
Add config var to block auto-created LDAP users.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2110.
See merge request !522
|
|
Allow users to be invited.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2058.
The "Add members" panes for both Group Members and Project Members have gained a line of text by the People field.
Entering an email address that is not already a member will give you the option to invite them.
Choosing the option will add them to the People field. This works the right way (TM) in combination with adding existing users as members.
The invited member will be shown in the members list as such. The access level can be changed, and the invite can be revoked by deleting the member.
The invited user will receive an email with an "Accept invitation" link.
If they're not already logged in, clicking this link will redirect them to the sign in/up page with a helpful notice.
Signing in or signing up will redirect them back to the invite detail page, where they can actually accept the invitation, which will update the member record in question to point to the user in question.
Accepting the invitation will redirect them to the group (or project) with an appropriate notice.
As currently, they will also receive this information by email.
At the same time, the person who initially invited the email address is sent a notification as well, so they know of the new member and to tell them what name the user signed up with.
The member row on the Members page will now have been updated with the new user account.
See merge request !500
|
|
Import projects from Google Code.
Resolves #1257.
Issue import logic almost entirely taken from https://gitlab.com/o9000/google-code-to-gitlab ( :hearts: @o9000).
### To do
- [x] List projects from Google Takeout file
- [x] Import Git repository
- [x] Import issues
- [x] Link to correct attachment URL (https://code.google.com/p/support-tools/issues/detail?id=50)
- [x] Handle deleted attachments
- [x] Handle blockedOn attribute
- [x] Add directions on how to get data from Google Takeout
### Import instructions
### Imported issue
See merge request !471
|
|
|
|
|
|
Fix directory traversal vulnerabilities
Fixes gitlab/gitlab-ee#272.
As @joern mentions:
> This is not exploitable via the front-end nginx. But nevertheless this issue should be addressed.
See merge request !1760
|
|
|
|
|
