Merge branch 'fix/safe-import-url' into 'master'

Prevent tokens in the import URL to be showed by the UI Quick fix to prevent the import URL to show a user's token. See merge request !3331

Merge branch 'fix/safe-import-url' into 'master'
Prevent tokens in the import URL to be showed by the UI Quick fix to prevent the import URL to show a user's token. See merge request !3331
642f56c6 · Douwe Maan · 2bcbc7c6 · 2fe80e94 · 642f56c6 · 642f56c6
Commit 642f56c6 authored Mar 21, 2016 by Douwe Maan
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

CHANGELOG CHANGELOG +1 -0

app/models/project.rb app/models/project.rb +1 -0

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.

 v 8.6.0 (unreleased)
  - Add ability to move issue to another project
+  - Prevent tokens in the import URL to be showed by the UI
  - Fix bug where wrong commit ID was being used in a merge request diff to show old image (Stan Hu)
  - Make HTTP(s) label consistent on clone bar (Stan Hu)
  - Add confidential issues

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -435,6 +435,7 @@ class Project < ActiveRecord::Base
  def safe_import_url
    result = URI.parse(self.import_url)
    result.password = '*****' unless result.password.nil?
+    result.user = '*****' unless result.user.nil? || result.user == "git" #tokens or other data may be saved as user
    result.to_s
  rescue
    self.import_url