Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-09-05 | Merge branch 'filter-web-hooks-by-branch' into 'master' | Dmitriy Zaporozhets | |
Filter web hooks by branch See merge request gitlab-org/gitlab-ce!19513 | |||
2018-08-30 | Allow whitelisting for "external collaborator by default" setting | Roger Rüttimann | |
2018-08-13 | Filter project hooks by branch | Duana Saskia | |
Allow specificying a branch filter for a project hook and only trigger a project hook if either the branch filter is blank or the branch matches. Only supported for push_events for now. | |||
2018-06-11 | Avoid checking the user format in every url validation | Francisco Javier López | |
2018-06-01 | Add validation to webhook and service URLs to ensure they are not blocked ↵ | Francisco Javier López | |
because of SSRF | |||
2018-03-05 | Projects and groups badges API | Francisco Javier López | |
2018-02-14 | Add more information in variable_duplicates validator error message | Matija Čupić | |
2018-02-13 | Add specs for VariableDuplicates validator | Matija Čupić | |
2018-02-06 | Validate User username only on Namespace, and bubble up appropriately | Douwe Maan | |
2017-11-06 | Reallow project paths ending in periods | Douwe Maan | |
2017-08-03 | Change all `:empty_project` to `:project` | Robert Speicher | |
2017-08-01 | Ensure all project factories use `:repository` trait or `:empty_project` | Robert Speicher | |
2017-06-21 | Rebuild the dynamic path before validating it | Bob Van Landuyt | |
Otherwise we won't validate updates to the path. Allowing users to change the path to something that's not allowed. | |||
2017-05-30 | Avoid crash when trying to parse string with invalid UTF-8 sequence | Bob Van Landuyt | |
2017-05-24 | Revert "Remove changes that are not absolutely necessary" | Douwe Maan | |
This reverts commit b0498c176fa134761d899c9b369be12f1ca789c5 | |||
2017-05-24 | Remove changes that are not absolutely necessary | Douwe Maan | |
2017-05-24 | Fix ambiguous routing issues by teaching router about reserved words | Douwe Maan | |
2017-05-02 | Add a better error message when a certain path is missing | Bob Van Landuyt | |
2017-05-02 | Update path validation & specs | Bob Van Landuyt | |
2017-05-02 | Reuse Gitlab::Regex.full_namespace_regex in the DynamicPathValidator | Bob Van Landuyt | |
2017-05-01 | Reject group-routes as names of child namespaces | Bob Van Landuyt | |
2017-05-01 | Reject paths following namespace for paths including 2 `*` | Bob Van Landuyt | |
Reject the part following `/*namespace_id/:project_id` for paths containing 2 wildcard parameters | |||
2017-05-01 | Use `%r{}` regexes to avoid having to escape `/` | Bob Van Landuyt | |
2017-05-01 | The dynamic path validator can block out partial paths | Bob Van Landuyt | |
So we can block `objects` only when it is contained in `info/lfs` or `gitlab-lfs` | |||
2017-05-01 | Make path validation case-insensitive | Bob Van Landuyt | |
2017-05-01 | Rename `NamespaceValidator` to `DynamicPathValidator` | Bob Van Landuyt | |
This reflects better that it validates paths instead of a namespace model | |||
2017-05-01 | Split off validating full paths | Bob Van Landuyt | |
The first part of a full path needs to be validated as a `top_level` while the rest need to be validated as `wildcard` | |||
2017-05-01 | Improve detection of reserved words from routes | Bob Van Landuyt | |
2017-05-01 | Streamline the path validation in groups & projects | Bob Van Landuyt | |
`Project` uses `ProjectPathValidator` which is now a `NamespaceValidator` that skips the format validation. That way we're sure we are using the same collection of reserved paths. I updated the path constraints to reflect the changes: We now allow some values that are only used on a top level namespace as a name for a nested group/project. | |||
2017-05-01 | Add forbidden paths to the namespace validator | Bob Van Landuyt | |