Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #21769: Missing CSRF protection for most administrative actions of a Git repository

Download Browse

Change-Id: Ie98ea0d802dece618038ea6179b3a3ebd0395bec

+213 −61
Thomas Gerbet (tgerbet) 2021-06-07 11:44
Thomas Gerbet (tgerbet) 2021-06-07 14:13
e3ada9431e035e3f64f9690fc3c881b075c48a51
eb8f4deb7551a1134b18b5d9d67d9a5616f6f71d
git #tuleap/stable/e3ada9431e035e3f64f9690fc3c881b075c48a51

Modified Files

Side by side diff
Inline diff
Name
M plugins/git/include/Git.class.php +33 −4 Go to diff View file
M plugins/git/include/GitPresenters/AdminDefaultSettingsPresenter.php +5 −0 Go to diff View file
M plugins/git/include/GitPresenters/AdminGerritTemplatesPresenter.class.php +1 −1 Go to diff View file
M plugins/git/include/GitPresenters/AdminGitAdminsPresenter.class.php +1 −1 Go to diff View file
M plugins/git/include/GitPresenters/AdminMassUpdatePresenter.class.php +1 −1 Go to diff View file
M plugins/git/include/GitPresenters/AdminMassUpdateSelectRepositoriesPresenter.class.php +1 −1 Go to diff View file
M plugins/git/include/GitPresenters/AdminPresenter.php +7 −0 Go to diff View file
M plugins/git/include/GitPresenters/MirroringPresenter.php +6 −1 Go to diff View file
M plugins/git/include/GitPresenters/RepositoryPaneNotificationPresenter.php +7 −0 Go to diff View file
M plugins/git/include/GitViews/RepoManagement/Pane/AccessControl.class.php +1 −0 Go to diff View file
M plugins/git/include/GitViews/RepoManagement/Pane/Delete.class.php +1 −0 Go to diff View file
M plugins/git/include/GitViews/RepoManagement/Pane/Gerrit.class.php +3 −0 Go to diff View file
M plugins/git/include/GitViews/RepoManagement/Pane/Mirroring.class.php +2 −1 Go to diff View file
M plugins/git/include/GitViews/RepoManagement/Pane/Notification.class.php +2 −0 Go to diff View file
M plugins/git/include/GitViews/RepoManagement/Pane/Pane.class.php +14 −0 Go to diff View file
M plugins/git/include/mvc/PluginController.class.php +2 −1 Go to diff View file
M plugins/git/templates/admin-gerrit-templates.mustache +4 −1 Go to diff View file
M plugins/git/templates/admin-git-admins.mustache +4 −1 Go to diff View file
M plugins/git/templates/mirroring.mustache +3 −0 Go to diff View file
M plugins/git/templates/settings/general-settings.mustache +3 −0 Go to diff View file
M plugins/git/templates/settings/notifications.mustache +3 −0 Go to diff View file
M plugins/git/tests/unit/GitForkCrossProjectTest.php +7 −5 Go to diff View file
M plugins/git/tests/unit/GitForkRepositoriesTest.php +3 −1 Go to diff View file
M plugins/git/tests/unit/GitGerritRouteTest.php +16 −10 Go to diff View file
M plugins/git/tests/unit/GitTest.php +15 −8 Go to diff View file
M plugins/hudson_git/include/HudsonGit/Git/Administration/AdministrationPresenter.php +5 −0 Go to diff View file
M plugins/pullrequest/include/PullRequest/DefaultSettings/DefaultSettingsController.php +15 −8 Go to diff View file
M plugins/pullrequest/include/PullRequest/DefaultSettings/PullRequestPane.php +7 −2 Go to diff View file
M plugins/pullrequest/include/PullRequest/DefaultSettings/PullRequestPanePresenter.php +11 −2 Go to diff View file
M plugins/pullrequest/include/PullRequest/RepoManagement/PullRequestPane.php +2 −1 Go to diff View file
M plugins/pullrequest/include/PullRequest/RepoManagement/PullRequestPanePresenter.php +7 −1 Go to diff View file
M plugins/pullrequest/include/PullRequest/RepoManagement/RepoManagementController.php +15 −10 Go to diff View file
M plugins/pullrequest/templates/default-settings.mustache +3 −0 Go to diff View file
M plugins/pullrequest/templates/repository-settings.mustache +3 −0 Go to diff View file