diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-03-12 14:08:48 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2016-03-12 14:08:48 +0000 |
commit | f979b4a2c85f3880a8b4fbb54b278d1ab5187792 (patch) | |
tree | a46113bea6700694f7ffa4413091350ddf2010a0 | |
parent | ff62e2060775795d9c4e70a8f565fd3a0305e561 (diff) | |
parent | 36ddca101e05ce885f23e9a797c577e81f70ab16 (diff) | |
download | gitlab-ce-f979b4a2c85f3880a8b4fbb54b278d1ab5187792.tar.gz |
Merge branch 'filter-import-url' into 'master'
Filter import_url params because they may contain auth information. Fixes #14199
cc @dzaporozhets @DouweM tagging you since this is security related.
See merge request !3174
-rw-r--r-- | config/application.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/application.rb b/config/application.rb index d8d1e7b4679..2b103c4592d 100644 --- a/config/application.rb +++ b/config/application.rb @@ -34,7 +34,7 @@ module Gitlab config.encoding = "utf-8" # Configure sensitive parameters which will be filtered from the log file. - config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables) + config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables, :import_url) # Enable escaping HTML in JSON. config.active_support.escape_html_entities_in_json = true |