root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
111,828 Commits 9,131 Branches 1,640 Tags 2 GiB
Commit Graph

164 Commits

Author SHA1 Message Date
Dylan Griffith 06c111ca8f Ensure users can't create environments with leading or trailing slashes (Fixes #39885) 2018-02-13 11:07:12 +11:00
Robert Speicher 72a57525a8 Merge branch 'ac/41346-xss-ci-job-output' into 'security-10-3' 
[10.3] Fix XSS vulnerability in Pipeline job trace

See merge request gitlab/gitlabhq!2258

(cherry picked from commit 44caa80ed9a2514a74a5eeab10ff51849d64851b)

5f86f3ff Fix XSS vulnerability in Pipeline job trace
 2018-01-16 17:04:38 -08:00
Grzegorz Bizon f3f606966d Merge branch 'check-environment-regex' into 'master' 
Fix environment scope regex

See merge request gitlab-org/gitlab-ee!3641
 2018-01-08 17:18:04 +09:00
Grzegorz Bizon f4df4f9e35 Update container repository path reference 
We should allow to use double underscore in the path, and it seems that
our container repository path regexp was outdated.

See https://github.com/docker/distribution/blob/master/reference/regexp.go
 2017-11-16 09:31:07 +01:00
Alessio Caiazza 91f8e734fe
Add CI build trace sections extractor 2017-10-05 15:42:25 +02:00
Shinya Maeda fe9fc0af75 Enfouce namespace for Kubernetes to lowercase 2017-08-22 15:12:27 +09:00
Grzegorz Bizon 59c808a636 Add a test for container repository name regexp 2017-07-19 10:52:03 +02:00
Grzegorz Bizon 9f36012e02 Fix docker tag reference routing constraints 2017-07-19 10:30:57 +02:00
Lin Jen-Shin d9435d6121 Backports for ee-2112 
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/2112
 2017-07-06 16:25:03 +08:00
Tiago Botelho 1207d451ed Removes file_name_regex from Gitlab::Regex 2017-07-05 19:10:14 +01:00
Tiago Botelho d1e0b1b3a8 Allow creation of files and directories with spaces in web UI 2017-07-05 16:08:57 +01:00
Zeger-Jan van de Weg 5eb940da76 Replace invalid chars while seeding environments 2017-06-21 11:16:38 +00:00
Douwe Maan 43b1750892 Revert "Remove changes that are not absolutely necessary" 
This reverts commit b0498c176f
 2017-05-24 20:59:26 +00:00
Douwe Maan b0498c176f Remove changes that are not absolutely necessary 2017-05-23 20:38:35 -05:00
Douwe Maan 4345bb8c50 Fix ambiguous routing issues by teaching router about reserved words 2017-05-23 20:38:24 -05:00
Bob Van Landuyt c853dd6158 Reuse Gitlab::Regex.full_namespace_regex in the DynamicPathValidator 2017-05-02 09:13:41 +02:00
Douwe Maan d170133bde Refactor changing files in web UI 2017-04-20 00:37:44 +00:00
Grzegorz Bizon 1a47986b3d Check registry repository name against regexp 
This regexp is extracted from Docker Distribution 2.4.1 docs, contains
additional `/` element that can be a separator of components.
 2017-04-03 11:38:39 +02:00
Douwe Maan ad640bc5f9 Use Namespace#full_path instead of #path where appropriate 2017-02-23 17:55:01 -06:00
Dmitriy Zaporozhets 2c55fd0019 Add GFM support to nested groups 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2017-02-13 22:30:10 +02:00
blackst0ne ad977e8bb2 Allow to use + symbol in filenames 2017-01-15 19:48:35 +11:00
Nick Thomas 93a03cd92f Add an environment slug 2016-12-15 13:57:03 +00:00
Nick Thomas b7b83fe0c9 Introduce deployment services, starting with a KubernetesService 2016-12-14 21:06:26 +00:00
winniehell 61aa90ef20 Allow all alphanumeric characters in file names (!8002) 2016-12-13 09:13:06 +01:00
Dmitriy Zaporozhets 6683fdcfb0
Add nested groups support to the routing 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2016-11-23 14:08:36 +02:00
Dmitriy Zaporozhets 5949f398f7
Fix 500 error when group name ends with git 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2016-11-21 21:03:18 +02:00
Timothy Andrew 78b6d6624b Allow registering users where the username contains dots (.). 
Javascript does not support the negative lookbehind assertion (?<!) used
in the Ruby regex (to disallow usernames ending in `.git` or `.atom`.

Getting the client side code to fully support this format is
non-trivial, since we'd either have to heavily complicate the
regex used, or modify the frontend code to support more complex
validation schemes (it currently uses HTML5 validations).

The pragmatic choice is to create a
`Gitlab::Regex::NAMESPACE_REGEX_STR_SIMPLE` regex to serve as a
Javascript-compatible version of `NAMESPACE_REGEX_STR`.

The client-side code will not display an error for usernames ending in
`.git` and `.atom`, but these will be caught by the server-side
validation.
 2016-11-18 11:47:37 +05:30
Vincent Composieux af941732ed
Added ability to put emojis into repository name 
Added ability to put emojis into repository name
 2016-11-12 09:21:23 +01:00
Dmitriy Zaporozhets 7061131676
Refactor namespace regex 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2016-11-07 18:40:57 +02:00
Will Starms 4f1de5faac Correct namespace validation to forbid bad names #21077 
Adds .git and .atom to the master namespace regex
Updates existing group tests and adds two new ones
Updates path cleaning to also forbid .atom
 2016-10-07 13:46:59 -05:00
Robert Speicher 313f3181cc Remove trailing spaces from messages in Gitlab::Regex 2016-09-20 07:20:48 +03:00
Kamil Trzcinski 8fe05d83ac Fix validation regexs (+1 squashed commit) 
Squashed commits:
[f9a9315] Use : to test invalid environment name
 2016-09-19 10:07:15 +02:00
Kamil Trzcinski 223041fa1b Fix environments handling 2016-09-19 10:07:15 +02:00
Kamil Trzcinski a4638dddf2 Add support for dynamic environments 
Environments that can have a URL with predefined CI variables.
 2016-09-19 10:05:35 +02:00
Grzegorz Bizon 9e211091a8 Enable Style/EmptyLines cop, remove redundant ones 2016-07-01 21:56:17 +02:00
Kamil Trzcinski e8f09f02bf Validate environment name with regex 2016-06-14 13:04:21 +02:00
Kamil Trzcinski 5196f8e993 WIP 2016-05-08 22:50:30 +02:00
Kamil Trzcinski b0ddbaa07c Added docker registry view 2016-05-04 11:31:35 +02:00
James Lopez ae73e73bee Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into fix/atom-url-issue 2016-02-02 15:15:59 +01:00
Jacob Vosmaer 72bd004b31 Allow "@" in file names and path 2016-02-01 16:20:49 +01:00
James Lopez eb51a4ac1b refactor previous test and add validation to project model 2016-01-29 15:35:21 +01:00
Ben Ford 3be9d2c422 Add ability to create directories in the editor 
Simply type a name with a `/` directory separator and new directories
will be created. This does not do the fancy UI work that github.com
does, but it will get the job done.

I could not find tests for file creation, so I didn't add a test for
this slight behaviour modification. I did test directory traversals
though, using both absolute paths like `/tmp/foo.txt` and relative paths
like `../../foo.txt`. Neither case escaped the repository, though
attempting to traverse with a relative path resulted in a 500 error that
did not affect application stability upon reload.
 2015-10-29 15:49:07 +01:00
Jakub Jirutka a1c01bc19b Fix (project_)name_regex to accept non-ASCII letters and dash 2015-04-27 16:38:47 +02:00
Douwe Maan 5f839770e7 Revert "Rename namespace_regex to namespace_path_regex." 
This reverts commit c0116926c7.
 2015-04-24 15:16:38 +02:00
Douwe Maan c0116926c7 Rename namespace_regex to namespace_path_regex. 2015-04-24 14:49:22 +02:00
Douwe Maan 1d2a5ee188 Revert "Revert disallowing usernames to end in period." 
This reverts commit c75c6b840b.
 2015-04-24 14:47:49 +02:00
Douwe Maan c75c6b840b Revert disallowing usernames to end in period. 2015-04-20 12:41:44 +02:00
Douwe Maan 5f93b0e3da Don't allow username to end in period. 2015-03-27 11:10:56 +01:00
Douwe Maan dfe0f9eedf Use more specific regexes. 2015-03-27 11:09:29 +01:00
Valery Sizov a9f7fd2c1a Github Importer 2015-01-10 09:51:43 -08:00
Ciro Santilli 6bae8c48ef Update default regex message to match regex. 2014-10-01 13:19:40 +02:00
Dmitriy Zaporozhets 6a0cb25096
Dont allow ? in project path 
Because it causes 500 error on every page where link to such project
exists

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-07-08 18:15:23 +03:00
Ciro Santilli b1c40e8151 Fix username validation message to match regexp. 
Also used for project, group and web ui new file names.
 2014-06-26 13:31:34 +02:00
mk 61a72bc2e2 Allow underscore as the first char for project names. 
Not sure if the default_regex really has to be expanded for this special use case. We tried to extend only the project_name_regex first, but that didn't help.
 2014-03-06 14:08:40 +01:00
Jeroen van Baarsen cc1f7ea2de Allow . files to be created 
Fixes: https://github.com/gitlabhq/gitlabhq/issues/5770
 2014-01-14 18:26:01 +01:00
Jason Hollingsworth 7cc2520541 Add support for various archive formats. 
Used mime-types gem instead of hardcoding content types.
Allow multiple extensions in archive route (.tar.gz, .tar.bz2).
Change content disposition from infile(?) to attachment for api.
Fixed api would return “archive” instead of {project}-{hash}.{ext}
 2014-01-02 10:18:56 -06:00
Jason Hollingsworth 405492e90c Fixed issue with `bundle exec rake routes` not running. 
Wrap regex comments in (?#comment) construct.
 2013-12-23 20:01:38 -06:00
Dmitriy Zaporozhets 64edb27aa9
Extend Gitlab#default_regex. Dont allow project path ends with .git 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2013-11-13 16:13:40 +02:00
Peter Fern 05c988419f Expand refs constraints to include valid characters 
Fixes #4831, #4865, #4932
 2013-10-24 16:31:15 +11:00
Dmitriy Zaporozhets 7825830ca5 Allow project name, path etc start with number. Fixed specs 2013-08-13 12:24:10 +03:00
Dmitriy Zaporozhets 020078663e Prevent xss attack over group name. Added regex validation for group and team name 2013-02-18 09:28:18 +02:00
Dmitriy Zaporozhets 1f3bdd453e Allow spaces in project name 2012-12-28 09:29:57 +02:00
Andrey Kumanyaev 17ea019f4e Add Project name validation 2012-12-26 19:52:15 +04:00
Dmitriy Zaporozhets 47234ab367 Validate username. Gitlab::Regex added 2012-11-28 06:14:05 +03:00