From c8bdb20228b34130c7f0525ad92140702dce1e20 Mon Sep 17 00:00:00 2001
From: Nick Thomas <nick@gitlab.com>
Date: Wed, 6 Sep 2017 15:20:25 +0100
Subject: Remove blank passwords from sanitized URLs

---
 lib/gitlab/url_sanitizer.rb | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'lib/gitlab')

diff --git a/lib/gitlab/url_sanitizer.rb b/lib/gitlab/url_sanitizer.rb
index 9c26490f40f..703adae12cb 100644
--- a/lib/gitlab/url_sanitizer.rb
+++ b/lib/gitlab/url_sanitizer.rb
@@ -19,7 +19,12 @@ module Gitlab
     end
 
     def initialize(url, credentials: nil)
-      @url = Addressable::URI.parse(url.strip)
+      @url = Addressable::URI.parse(url.to_s.strip)
+
+      %i[user password].each do |symbol|
+        credentials[symbol] = credentials[symbol].presence if credentials&.key?(symbol)
+      end
+
       @credentials = credentials
     end
 
@@ -47,8 +52,10 @@ module Gitlab
     def generate_full_url
       return @url unless valid_credentials?
       @full_url = @url.dup
-      @full_url.user = credentials[:user].presence
-      @full_url.password = credentials[:password].presence
+
+      @full_url.password = credentials[:password]
+      @full_url.user = credentials[:user]
+
       @full_url
     end
 
-- 
cgit v1.2.1