Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/work_items/components/item_title.vue | 6 | ||||
-rw-r--r-- | app/controllers/oauth/jira_dvcs/authorizations_controller.rb | 13 | ||||
-rw-r--r-- | app/finders/notes_finder.rb | 2 |
3 files changed, 20 insertions, 1 deletions
diff --git a/app/assets/javascripts/work_items/components/item_title.vue b/app/assets/javascripts/work_items/components/item_title.vue
index 6aa3c54705c..1c0fed2dde9 100644
--- a/app/assets/javascripts/work_items/components/item_title.vue
+++ b/app/assets/javascripts/work_items/components/item_title.vue
@@ -29,6 +29,11 @@ export default {
 handleSubmit() {
 this.$refs.titleEl.blur();
 },
+ handlePaste(e) {
+ e.preventDefault();
+ const text = e.clipboardData.getData('text');
+ this.$refs.titleEl.innerText = text;
+ },
 },
 };
 </script>
@@ -48,6 +53,7 @@ export default {
 :contenteditable="!disabled"
 class="gl-px-4 gl-py-3 gl-ml-n4 gl-border gl-border-white gl-rounded-base gl-display-block"
 :class="{ 'gl-hover-border-gray-200 gl-pseudo-placeholder': !disabled }"
+ @paste="handlePaste"
 @blur="handleBlur"
 @keyup="handleInput"
 @keydown.enter.exact="handleSubmit"
diff --git a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
index 613999f4ca7..03921761f45 100644
--- a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
+++ b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
@@ -8,6 +8,8 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController skip_before_action :authenticate_user! skip_before_action :verify_authenticity_token + before_action :validate_redirect_uri, only: :new + feature_category :integrations # 1. Rewire Jira OAuth initial request to our stablished OAuth authorization URL.
@@ -56,4 +58,15 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController
 def normalize_scope(scope)
 scope == 'repo' ? 'api' : scope
 end
+
+ def validate_redirect_uri
+ client = Doorkeeper::OAuth::Client.find(params[:client_id])
+ return render_404 unless client
+
+ return true if Doorkeeper::OAuth::Helpers::URIChecker.valid_for_authorization?(
+ params['redirect_uri'], client.redirect_uri
+ )
+
+ render_403
+ end
 end
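Review bot: `handlePaste` assigns the clipboard text to `this.$refs.titleEl.innerText`, so a paste replaces the entire title instead of going in at the caret, and whatever the user had already typed is lost. Taking only the plain-text clipboard flavour is the right choice for a contenteditable element because it keeps pasted markup out of the DOM; the insertion can stay plain-text and still respect the selection, e.g. `const range = window.getSelection().getRangeAt(0); range.deleteContents(); range.insertNode(document.createTextNode(text));`. Multi-line clipboard content is also written as-is, so line breaks may end up in what looks like a single-line title unless they are collapsed first. A short comment on the method, such as `// Paste as plain text only so clipboard HTML is never inserted into the title element`, would record why the default action is prevented.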
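Review bot: In `validate_redirect_uri`, `params['redirect_uri']` is handed to `URIChecker.valid_for_authorization?` with no presence or type check, so a request that omits it or sends it as an array or hash reaches URI parsing with a non-string value; how the checker handles that is not visible here, and it may surface as a 500 rather than the intended 403. A guard before the comparison, `return render_403 unless params[:redirect_uri].is_a?(String)`, makes the failure mode explicit and also brings the key style in line with `params[:client_id]`. The filter is registered with `only: :new` on a controller that skips both `authenticate_user!` and `verify_authenticity_token`, so it is worth confirming that no other action in the class, which lies outside these hunks, consumes a caller-supplied `redirect_uri`. A comment above the method along the lines of `# Reject redirect URIs that are not registered for the OAuth client before the request is rewired` would document the intent.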
diff --git a/app/finders/notes_finder.rb b/app/finders/notes_finder.rb
index 7890502cf0e..c542ffbce7e 100644
--- a/app/finders/notes_finder.rb
+++ b/app/finders/notes_finder.rb
@@ -117,7 +117,7 @@ class NotesFinder
 when "snippet", "project_snippet"
 SnippetsFinder.new(@current_user, project: @project).execute # rubocop: disable CodeReuse/Finder
 when "personal_snippet"
- PersonalSnippet.all
+ SnippetsFinder.new(@current_user, only_personal: true).execute # rubocop: disable CodeReuse/Finder
 else
 raise "invalid target_type '#{noteable_type}'"
 end |
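Review bot: The new `personal_snippet` branch carries no comment saying why it goes through `SnippetsFinder`, while the trailing `rubocop: disable CodeReuse/Finder` marks the line as an exception that someone may later tidy back into a direct model call. A one-line comment above it, such as `# Go through SnippetsFinder so only snippets visible to @current_user can be resolved as a note target`, would record the access-control intent. What the finder returns when `@current_user` is nil is not visible on this page, so a spec for the anonymous case against a private personal snippet is worth confirming. The enclosing `case` and its method start outside the hunk.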