gitlab-ce/app/controllers
Douwe Maan 6d37fe952b Merge branch 'jej-fix-missing-access-check-on-issues' into 'security'
Fix missing access checks on issue lookup using IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

⚠️ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
 - Permissions check tested

- [x]  app/controllers/projects/branches_controller.rb:39
  - `before_action :authorize_push_code!` helps limit/prevent exploitation. Always checks for reporter access so fine with
    confidential issues, issues only visible to team, etc.
- [x] 🚥 app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x]  app/controllers/projects/todos_controller.rb:19

- [x] Potential double render in app/controllers/projects/todos_controller.rb

- https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24

See merge request !2030
2016-11-28 21:25:46 -03:00
admin Allow the Sidekiq queues to throttle and the factor by which to throttle them to be configurable 2016-11-10 11:38:11 -06:00
ci
concerns Ensure user is authenticated to create a new snippet 2016-11-28 16:57:49 +01:00
dashboard
explore
groups Add a starting date to milestones 2016-11-23 13:41:04 +02:00
import
oauth
profiles Remove event caching code 2016-11-23 14:17:07 +01:00
projects Merge branch 'jej-fix-missing-access-check-on-issues' into 'security' 2016-11-28 21:25:46 -03:00
sherlock
abuse_reports_controller.rb
application_controller.rb Merge branch 'dz-allow-nested-group-routing' into 'master' 2016-11-24 04:31:54 +00:00
autocomplete_controller.rb Improved Ruby code in autocomplete user search 2016-11-18 16:10:48 +00:00
confirmations_controller.rb
dashboard_controller.rb
emojis_controller.rb
groups_controller.rb
health_check_controller.rb
help_controller.rb Fix broken external links in help/index.html 2016-11-20 20:15:08 +01:00
invites_controller.rb
jwt_controller.rb Merge branch 'unauthenticated-container-registry-access' into 'security' 2016-11-09 12:28:29 +01:00
koding_controller.rb
notification_settings_controller.rb
omniauth_callbacks_controller.rb
passwords_controller.rb
profiles_controller.rb implements reset incoming email token on issues modal and account page, 2016-11-07 15:56:18 +00:00
projects_controller.rb Revert "Merge branch '22680-unlabel-limit-autocomplete-to-selected-items' into 'master'" 2016-11-17 09:39:23 +00:00
registrations_controller.rb
root_controller.rb
search_controller.rb Fix broken commits search 2016-11-08 12:03:23 +02:00
sent_notifications_controller.rb Remove default value for `project` argument on subscribable concern 2016-11-17 15:10:13 -02:00
sessions_controller.rb
snippets_controller.rb
uploads_controller.rb
users_controller.rb Check all namespaces on validation of new username. 2016-11-17 19:59:03 +01:00