summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDouwe Maan <douwe@gitlab.com>2016-03-12 14:08:48 +0000
committerDouwe Maan <douwe@gitlab.com>2016-03-12 14:08:48 +0000
commitf979b4a2c85f3880a8b4fbb54b278d1ab5187792 (patch)
treea46113bea6700694f7ffa4413091350ddf2010a0
parentff62e2060775795d9c4e70a8f565fd3a0305e561 (diff)
parent36ddca101e05ce885f23e9a797c577e81f70ab16 (diff)
downloadgitlab-ce-f979b4a2c85f3880a8b4fbb54b278d1ab5187792.tar.gz
Merge branch 'filter-import-url' into 'master'
Filter import_url params because they may contain auth information. Fixes #14199 cc @dzaporozhets @DouweM tagging you since this is security related. See merge request !3174
-rw-r--r--config/application.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/config/application.rb b/config/application.rb
index d8d1e7b4679..2b103c4592d 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -34,7 +34,7 @@ module Gitlab
config.encoding = "utf-8"
# Configure sensitive parameters which will be filtered from the log file.
- config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables)
+ config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables, :import_url)
# Enable escaping HTML in JSON.
config.active_support.escape_html_entities_in_json = true