Skip to content

Instantly share code, notes, and snippets.

@adaiguoguo

adaiguoguo/diff

Created March 21, 2017 07:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save adaiguoguo/65bae906c190cc968a62bebc424251e6 to your computer and use it in GitHub Desktop.
Save adaiguoguo/65bae906c190cc968a62bebc424251e6 to your computer and use it in GitHub Desktop.
Download ZIP
gitlab CVE-2017-0882
Raw
diff
[root@vpct-gitlab-1 gitlab-rails]# diff app/controllers/projects/issues_controller.rb /tmp/issues_controller.rb
115c115
< render json: @issue.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } })
---
> render json: @issue.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })
[root@vpct-gitlab-1 gitlab-rails]# diff app/controllers/projects/merge_requests_controller.rb /tmp/merge_requests_controller.rb
281c281
< render json: @merge_request.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } })
---
> render json: @merge_request.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment