Commit 642f56c6 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'fix/safe-import-url' into 'master'

Prevent tokens in the import URL to be showed by the UI

Quick fix to prevent the import URL to show a user's token.

See merge request !3331
parents 2bcbc7c6 2fe80e94
No related merge requests found
......@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.6.0 (unreleased)
- Add ability to move issue to another project
- Prevent tokens in the import URL to be showed by the UI
- Fix bug where wrong commit ID was being used in a merge request diff to show old image (Stan Hu)
- Make HTTP(s) label consistent on clone bar (Stan Hu)
- Add confidential issues
......
......@@ -435,6 +435,7 @@ class Project < ActiveRecord::Base
def safe_import_url
result = URI.parse(self.import_url)
result.password = '*****' unless result.password.nil?
result.user = '*****' unless result.user.nil? || result.user == "git" #tokens or other data may be saved as user
result.to_s
rescue
self.import_url
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment