Commit Graph

6821 Commits (10a4ec9d8444e2d0c98191072b9f49a0913a6402)
 

Author SHA1 Message Date
Jean-Philippe Lang 8e6f54c4ec Prevent mass-assignment vulnerability when adding a project member (#922). 13 years ago
Jean-Philippe Lang 6b25085997 Prevent mass-assignment vulnerability when adding/updating an issue category (#922). 13 years ago
Jean-Philippe Lang 21c498557e Prevent mass-assignment vulnerability when adding/updating a document (#922). 13 years ago
Romano Licker cbf04e29b7 set width on main-menu when collapsed 13 years ago
jwollert 3194ed8162 Merge remote-tracking branch 'origin/feature/2.4.0/accessibility-master' into feature/2.4.0/accessibility-master 13 years ago
Jens Ulferts 799a0d37dc prettifying js 13 years ago
Jens Ulferts df082b5ebf setting values of attributes not translated to nil 13 years ago
Jens Ulferts 00e4a3f845 restructuring i18n form js to have inner functions 13 years ago
Jens Ulferts 4397a27b98 allow translations to be deleted when existing attribute is reused for another translation 13 years ago
Jens Ulferts 01a56c29c0 cleanup js: 13 years ago
Jens Ulferts 0c6ddd8030 adding comment 13 years ago
Jens Ulferts 1d1f923306 fixing minor bugs in custom_field: 13 years ago
Jens Ulferts 13813195e9 moving validates_uniqueness_of patch for globalized models into initializers 13 years ago
Jens Ulferts 911682f55c validate default_value in every provided locale 13 years ago
Jens Ulferts cbb6187c51 refactoring form builder: 13 years ago
Jens Ulferts 4e07a913c9 possible_values of custom_fields are now localizable 13 years ago
Jens Ulferts 74c9bc2896 enabling default_value of custom_fields to be localized by admins 13 years ago
Jens Ulferts b8dd70c325 prettifying indentation 13 years ago
Jens Ulferts 7178c1b3b7 enabling name attribute of custom_fields to be localized by admins 13 years ago
Felix Schäfer 4d83a94174 use all available languages as default 13 years ago
Felix Schäfer 9d163edc9a Merge remote-tracking branch 'origin/feature/2.4.0/accessibility-master' into feature/2.4.0/internationalization 13 years ago
Romano Licker 17e0a7b1ba add css class 'input-as-link' which styles a submit button 13 years ago
Gregor Schmidt c9a3b3b26e Reduce vertical height of tables to fit more content into viewport 13 years ago
jwollert a1fe27df31 uses #force_attributes= in watcher test for mass_assignment 13 years ago
jwollert 227a9cc075 uses #force_attributes= in version test for mass_assignment 13 years ago
jwollert 8e51863807 uses #force_attributes= in user test for mass_assignment 13 years ago
jwollert 2d6b5e0d44 uses #force_attributes= in project test for mass_assignment 13 years ago
jwollert b735e34f5d uses #force_attributes= in member test for mass_assignment 13 years ago
jwollert 10f8262794 uses #force_attributes= in issue test for mass_assignment 13 years ago
jwollert db08d00172 uses #force_attributes= for mass assignment in issue_nested_set_test 13 years ago
jwollert 650c274533 use #force_attributes= in group_test 13 years ago
jwollert dc8483b15d fixes copying projects 13 years ago
jwollert 3eca274548 fixes creation of member_roles 13 years ago
jwollert 934d22ec67 protect relations to users (assigned_to, author_id etc.) in models, too 13 years ago
Gregor Schmidt ad1f36b16d Avoid calling attr_protected if _accessible is used 13 years ago
Jens Ulferts 1c1a7c9d84 refactored allowed_to to be more extensible 13 years ago
Martin Linkhorst 4e9c17fca8 some documentation regarding mass assignment, show full stack trace in console 13 years ago
Martin Linkhorst bfc4a441f4 fix: use the old style #force_attributes 13 years ago
Martin Linkhorst 7b34ebdc47 refactor dealing with mass assignment 13 years ago
Martin Linkhorst c7e130f010 fix to work with protected :project_id 13 years ago
Martin Linkhorst a9444cbbfb show log unit costs in issue detail page, fixes #26310 13 years ago
jwollert 4fb1888965 fixes creation of anonymous user. shouldn't mass assign protected attributes (i.e. login) 13 years ago
Martin Linkhorst 6faf3c653d add translation for Account, fixes #25922 #25924 13 years ago
Martin Linkhorst 84bdd935eb fix typo, issue #25928 13 years ago
Martin Linkhorst 009dc110a4 don't show multiple issue status in backlog, fixes #25703 13 years ago
Martin Linkhorst 25f4d79191 don't show users registration date on profile page (/users/:id) fixes #24805 13 years ago
Martin Linkhorst cc74c1e998 added attr_protected calls to protect mass assignment of :project_id through a view 13 years ago
Martin Linkhorst 2a140068ed add missing translations for last commit 13 years ago
Martin Linkhorst 97ff222d1c Only allow project admins to export issues. export formats are: atom, rss, api, xls, csv, pdf. #25512 13 years ago
Martin Linkhorst fcac419324 better locking info. issue #25606 13 years ago