root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
85,275 Commits 9,131 Branches 1,640 Tags 2 GiB
Commit Graph

19 Commits

Author SHA1 Message Date
Nick Thomas 69645389e9
Prevent a path traversal attack on global file templates 
The API permits path traversal characters like '../' to be passed down
to the template finder. Detect these requests and cause them to fail
with a 500 response code.
 2018-12-05 14:12:35 +00:00
Douglas Barbosa Alexandre 5c519d1194 Add a helper method to append path to a base URL 
In Ruby 2.4, `URI.join("http://test//", "a").to_s` will
remove the double slash, however it's not the case in
Ruby 2.5. Using chomp should work better for the intention,
as we're not trying to allow things like ../ or / paths
resolution.

This helper method append path to host, making sure
there's one single slash as path separator.
 2018-11-06 21:32:01 -08:00
gfyoung c858f70d07 Enable frozen string for lib/gitlab/*.rb 2018-10-22 07:00:50 +00:00
Rubén Dávila d28b1dfc46 Backport of EE !4989 2018-04-11 22:05:07 -05:00
Eric Eastwood a6c7d8050e Add custom additonal email text to all emails 
Fix https://gitlab.com/gitlab-org/gitlab-ee/issues/4474

Conflicts:
	db/schema.rb
	ee/app/controllers/ee/admin/application_settings_controller.rb
	ee/app/helpers/ee/application_settings_helper.rb
	ee/app/models/ee/application_setting.rb
	ee/app/models/license.rb
	ee/app/views/layouts/service_desk.html.haml
	ee/app/views/notify/approved_merge_request_email.html.haml
	ee/app/views/notify/service_desk_new_note_email.text.erb
	ee/app/views/notify/service_desk_thank_you_email.text.erb
	ee/app/views/notify/unapproved_merge_request_email.html.haml
	ee/lib/ee/api/entities.rb
	ee/spec/controllers/admin/application_settings_controller_spec.rb
	ee/spec/models/application_setting_spec.rb
	ee/spec/requests/api/settings_spec.rb
	lib/api/settings.rb
	spec/mailers/previews/notify_preview.rb
 2018-04-04 12:29:03 -05:00
Mario de la Ossa f9d61717cf Gitlab::Utils - backport `.ensure_array_from_string` from EE 2018-03-06 21:16:55 +00:00
Robert Speicher 791ca43f3f Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook' into 'security-10-3' 
Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2277

(cherry picked from commit 7fc0a6fc096768a5604d6dd24d7d952e53300c82)

073b8f9c Don't allow line breaks on HTTP headers
 2018-01-16 17:04:51 -08:00
Michael Kozono ab814e4dd3 Backport `which` from EE 2017-12-01 15:26:40 -08:00
Bob Van Landuyt bde39322f1 Add a linter for PO files 2017-08-31 14:10:04 +02:00
vanadium23 e99444bb2d Fix CI_PROJECT_PATH_SLUG slugify 2017-08-15 08:22:56 +03:00
Lin Jen-Shin efebdba21d Frontend implementation, tests, and changelog 2017-05-25 19:31:21 +08:00
Felipe Artur f4e31b820e Fix project features default values 2016-11-01 11:03:56 -02:00
Lin Jen-Shin f3e8b88814 Use travel_to instead of dependency injection, feedback: 
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5734#note_14056642
 2016-08-19 16:57:25 +08:00
Lin Jen-Shin ce64133516 Introduce Gitlab::Utils.now so that it's easier to stub 2016-08-15 21:32:36 +08:00
Onur Küçük 0ae574007d add common method to force utf8 and force oauth properties to be utf8 2015-05-03 00:43:46 +03:00
Valery Sizov bf8b874117 fix system silent call 2014-11-06 13:07:42 +02:00
Valery Sizov d1b489e048 Revert "Revert "Don't output to stdout from lib non-interactive methods"" 
This reverts commit b33d4bc2f1.
 2014-11-06 13:07:16 +02:00
Valery Sizov b33d4bc2f1 Revert "Don't output to stdout from lib non-interactive methods" 
This reverts commit 0b1084a453.
 2014-11-06 11:58:00 +02:00
Ciro Santilli 0b1084a453 Don't output to stdout from lib non-interactive methods 
It pollutes the test output too much.
 2014-11-05 12:35:33 +01:00