Skip to content

Instantly share code, notes, and snippets.

@adaiguoguo adaiguoguo/diff
Created Mar 21, 2017

Embed
What would you like to do?
gitlab CVE-2017-0882
[root@vpct-gitlab-1 gitlab-rails]# diff app/controllers/projects/issues_controller.rb /tmp/issues_controller.rb
115c115
< render json: @issue.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } })
---
> render json: @issue.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })
[root@vpct-gitlab-1 gitlab-rails]# diff app/controllers/projects/merge_requests_controller.rb /tmp/merge_requests_controller.rb
281c281
< render json: @merge_request.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } })
---
> render json: @merge_request.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.