Merge branch 'filter-import-url' into 'master'

Filter import_url params because they may contain auth information. Fixes #14199 cc @dzaporozhets @DouweM tagging you since this is security related. See merge request !3174
author: Douwe Maan <douwe@gitlab.com> 2016-03-12 14:08:48 +0000
committer: Douwe Maan <douwe@gitlab.com> 2016-03-12 14:08:48 +0000
commit: f979b4a2c85f3880a8b4fbb54b278d1ab5187792 (patch)
tree: a46113bea6700694f7ffa4413091350ddf2010a0 /config
parent: ff62e2060775795d9c4e70a8f565fd3a0305e561 (diff)
parent: 36ddca101e05ce885f23e9a797c577e81f70ab16 (diff)
download: gitlab-ce-f979b4a2c85f3880a8b4fbb54b278d1ab5187792.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/config/application.rb b/config/application.rb
index d8d1e7b4679..2b103c4592d 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -34,7 +34,7 @@ module Gitlab
     config.encoding = "utf-8"
 
     # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables)
+    config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables, :import_url)
 
     # Enable escaping HTML in JSON.
     config.active_support.escape_html_entities_in_json = true
author	Douwe Maan <douwe@gitlab.com>	2016-03-12 14:08:48 +0000
committer	Douwe Maan <douwe@gitlab.com>	2016-03-12 14:08:48 +0000
commit	f979b4a2c85f3880a8b4fbb54b278d1ab5187792 (patch)
tree	a46113bea6700694f7ffa4413091350ddf2010a0 /config
parent	ff62e2060775795d9c4e70a8f565fd3a0305e561 (diff)
parent	36ddca101e05ce885f23e9a797c577e81f70ab16 (diff)
download	gitlab-ce-f979b4a2c85f3880a8b4fbb54b278d1ab5187792.tar.gz