summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/assets/javascripts/work_items/components/item_title.vue6
-rw-r--r--app/controllers/oauth/jira_dvcs/authorizations_controller.rb13
-rw-r--r--app/finders/notes_finder.rb2
3 files changed, 20 insertions, 1 deletions
diff --git a/app/assets/javascripts/work_items/components/item_title.vue b/app/assets/javascripts/work_items/components/item_title.vue
index 6aa3c54705c..1c0fed2dde9 100644
--- a/app/assets/javascripts/work_items/components/item_title.vue
+++ b/app/assets/javascripts/work_items/components/item_title.vue
@@ -29,6 +29,11 @@ export default {
handleSubmit() {
this.$refs.titleEl.blur();
},
+ handlePaste(e) {
+ e.preventDefault();
+ const text = e.clipboardData.getData('text');
+ this.$refs.titleEl.innerText = text;
+ },
},
};
</script>
@@ -48,6 +53,7 @@ export default {
:contenteditable="!disabled"
class="gl-px-4 gl-py-3 gl-ml-n4 gl-border gl-border-white gl-rounded-base gl-display-block"
:class="{ 'gl-hover-border-gray-200 gl-pseudo-placeholder': !disabled }"
+ @paste="handlePaste"
@blur="handleBlur"
@keyup="handleInput"
@keydown.enter.exact="handleSubmit"
diff --git a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
index 613999f4ca7..03921761f45 100644
--- a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
+++ b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
@@ -8,6 +8,8 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController
skip_before_action :authenticate_user!
skip_before_action :verify_authenticity_token
+ before_action :validate_redirect_uri, only: :new
+
feature_category :integrations
# 1. Rewire Jira OAuth initial request to our stablished OAuth authorization URL.
@@ -56,4 +58,15 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController
def normalize_scope(scope)
scope == 'repo' ? 'api' : scope
end
+
+ def validate_redirect_uri
+ client = Doorkeeper::OAuth::Client.find(params[:client_id])
+ return render_404 unless client
+
+ return true if Doorkeeper::OAuth::Helpers::URIChecker.valid_for_authorization?(
+ params['redirect_uri'], client.redirect_uri
+ )
+
+ render_403
+ end
end
diff --git a/app/finders/notes_finder.rb b/app/finders/notes_finder.rb
index 7890502cf0e..c542ffbce7e 100644
--- a/app/finders/notes_finder.rb
+++ b/app/finders/notes_finder.rb
@@ -117,7 +117,7 @@ class NotesFinder
when "snippet", "project_snippet"
SnippetsFinder.new(@current_user, project: @project).execute # rubocop: disable CodeReuse/Finder
when "personal_snippet"
- PersonalSnippet.all
+ SnippetsFinder.new(@current_user, only_personal: true).execute # rubocop: disable CodeReuse/Finder
else
raise "invalid target_type '#{noteable_type}'"
end