diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-03-21 18:51:17 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-03-22 12:34:38 +0100 |
commit | 4999495705c9ee3c78f04875e4a3251b02b3d433 (patch) | |
tree | 6cfde3e653c771f0b6f5e8bc00c6c1504058661e | |
parent | 0fcea6b660f92d6f97ce4b2c36f899cd97a0edec (diff) | |
download | gitlab-ce-4999495705c9ee3c78f04875e4a3251b02b3d433.tar.gz |
Merge branch 'fix/safe-import-url' into 'master'
Prevent tokens in the import URL to be showed by the UI
Quick fix to prevent the import URL to show a user's token.
See merge request !3331
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/models/project.rb | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index c108b643d83..3d76867919b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.6.0 (unreleased) - Add ability to move issue to another project + - Prevent tokens in the import URL to be showed by the UI - Fix bug where wrong commit ID was being used in a merge request diff to show old image (Stan Hu) - Add confidential issues - Bump gitlab_git to 9.0.3 (Stan Hu) diff --git a/app/models/project.rb b/app/models/project.rb index 85a7c406411..9c8246e8ac0 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -431,6 +431,7 @@ class Project < ActiveRecord::Base def safe_import_url result = URI.parse(self.import_url) result.password = '*****' unless result.password.nil? + result.user = '*****' unless result.user.nil? || result.user == "git" #tokens or other data may be saved as user result.to_s rescue self.import_url |