gitlab-ce/app/controllers/projects
Douwe Maan 6d37fe952b Merge branch 'jej-fix-missing-access-check-on-issues' into 'security'
Fix missing access checks on issue lookup using IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

⚠️ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
 - Permissions check tested

- [x]  app/controllers/projects/branches_controller.rb:39
  - `before_action :authorize_push_code!` helps limit/prevent exploitation. Always checks for reporter access so fine with
    confidential issues, issues only visible to team, etc.
- [x] 🚥 app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x]  app/controllers/projects/todos_controller.rb:19

- [x] Potential double render in app/controllers/projects/todos_controller.rb

- https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24

See merge request !2030
2016-11-28 21:25:46 -03:00
boards Merge branch 'master' into issue-board-sidebar 2016-10-19 22:33:34 +01:00
cycle_analytics refactored updater and updated specs 2016-11-18 13:00:38 +01:00
application_controller.rb Remove project_labels from Projects::ApplicationController 2016-10-19 14:58:24 -02:00
artifacts_controller.rb
avatars_controller.rb Remove event caching code 2016-11-23 14:17:07 +01:00
badges_controller.rb
blame_controller.rb
blob_controller.rb Merge branch 'jej-22869' into 'security' 2016-11-28 21:25:18 -03:00
boards_controller.rb Fix board relates specs 2016-10-11 11:47:56 -03:00
branches_controller.rb Merge branch 'jej-fix-missing-access-check-on-issues' into 'security' 2016-11-28 21:25:46 -03:00
builds_controller.rb Merge remote-tracking branch 'upstream/master' into pipeline-emails 2016-09-21 16:19:07 +08:00
commit_controller.rb Add Pipelines for Commit 2016-09-27 22:11:13 +01:00
commits_controller.rb Pass `@ref` along so we know which pipeline to show 2016-10-24 22:26:06 +08:00
compare_controller.rb
container_registry_controller.rb
cycle_analytics_controller.rb Merge branch 'jej-fix-missing-access-check-on-issues' into 'security' 2016-11-28 21:25:46 -03:00
deploy_keys_controller.rb
discussions_controller.rb
environments_controller.rb Add EnvironmentSerializer to EnvironmentsController 2016-11-16 11:58:06 +00:00
find_file_controller.rb
forks_controller.rb Add authentication for create action. Add more tests for new and create actions 2016-11-15 01:59:11 +03:00
git_http_client_controller.rb Move LfsHelper to a new LfsRequest concern 2016-11-23 17:28:11 +01:00
git_http_controller.rb Move LfsHelper to a new LfsRequest concern 2016-11-23 17:28:11 +01:00
graphs_controller.rb Use Linguist::Language[] instead of creating a hash 2016-10-10 16:18:26 +02:00
group_links_controller.rb Only skip group when it's actually a group in the "Share with group" select 2016-11-04 12:42:19 +01:00
hooks_controller.rb
imports_controller.rb
issues_controller.rb Backport some changes done from Time Tracking feature in EE. 2016-11-18 21:19:04 -05:00
labels_controller.rb Use @project as default on ToggleSubscriptionAction concern 2016-11-17 15:10:13 -02:00
lfs_api_controller.rb Move LfsHelper to a new LfsRequest concern 2016-11-23 17:28:11 +01:00
lfs_storage_controller.rb Move LfsHelper to a new LfsRequest concern 2016-11-23 17:28:11 +01:00
merge_requests_controller.rb Prevent error when submitting a merge request and pipeline is not defined 2016-11-28 12:03:59 +01:00
milestones_controller.rb Add a starting date to milestones 2016-11-23 13:41:04 +02:00
network_controller.rb Refactor method name 2016-11-08 05:12:17 +09:00
notes_controller.rb Backport Note#commands_changes from EE 2016-11-24 14:32:32 +08:00
pipelines_controller.rb Improve code readability in pipelines controller 2016-11-07 13:33:04 +01:00
pipelines_settings_controller.rb Fix wrong template rendered when CI/CD settings aren't updated successfully 2016-11-22 16:18:05 +01:00
project_members_controller.rb Implement CreateMembers service to make controller thin 2016-11-01 10:17:04 +02:00
protected_branches_controller.rb
raw_controller.rb
refs_controller.rb
releases_controller.rb
repositories_controller.rb
runner_projects_controller.rb
runners_controller.rb
services_controller.rb Make chat authorization to work [ci skip] 2016-11-17 21:34:23 +01:00
snippets_controller.rb Start Frontend work, fix routing problem 2016-09-19 19:50:40 +03:00
tags_controller.rb Fix lightweight tags not processed correctly by GitTagPushService 2016-10-28 13:53:18 -03:00
templates_controller.rb
todos_controller.rb Merge branch 'jej-fix-missing-access-check-on-issues' into 'security' 2016-11-28 21:25:46 -03:00
tree_controller.rb
triggers_controller.rb
uploads_controller.rb
variables_controller.rb
wikis_controller.rb