Add latest changes from gitlab-org/security/gitlab@15-5-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-01-07 01:38:01 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-01-07 01:38:01 +0300
commit: b8a1c5346855a50b711e26def061d90fae10ab79 (patch)
tree: e59685859d4c79296b374f4764d8d027fadc8663 /app
parent: 7cf04c446e2aade98b4bf3ef860076fc2db12d58 (diff)
2 files changed, 17 insertions, 7 deletions
diff --git a/app/helpers/diff_helper.rb b/app/helpers/diff_helper.rb
index 5c3b9d4b5ab..08678c21b74 100644
--- a/app/helpers/diff_helper.rb
+++ b/app/helpers/diff_helper.rb
@@ -244,6 +244,10 @@ module DiffHelper
     {}
   end
 
+  def params_with_whitespace
+    hide_whitespace? ? safe_params.except(:w) : safe_params.merge(w: 1)
+  end
+
   private
 
   def diff_btn(title, name, selected)
@@ -277,10 +281,6 @@ module DiffHelper
     params[:w] == '1'
   end
 
-  def params_with_whitespace
-    hide_whitespace? ? request.query_parameters.except(:w) : request.query_parameters.merge(w: 1)
-  end
-
   def toggle_whitespace_link(url, options)
     options[:class] = [*options[:class], 'btn gl-button btn-default'].join(' ')
     link_to "#{hide_whitespace? ? 'Show' : 'Hide'} whitespace changes", url, class: options[:class]
diff --git a/app/services/error_tracking/list_projects_service.rb b/app/services/error_tracking/list_projects_service.rb
index 625addaf915..4a47b09ae6d 100644
--- a/app/services/error_tracking/list_projects_service.rb
+++ b/app/services/error_tracking/list_projects_service.rb
@@ -2,6 +2,8 @@
 
 module ErrorTracking
   class ListProjectsService < ErrorTracking::BaseService
+    MASKED_TOKEN_REGEX = /\A\*+\z/.freeze
+
     private
 
     def perform
@@ -21,23 +23,31 @@ module ErrorTracking
     def project_error_tracking_setting
       @project_error_tracking_setting ||= begin
         (super || project.build_error_tracking_setting).tap do |setting|
+          url_changed = !setting.api_url&.start_with?(params[:api_host])
+
           setting.api_url = ErrorTracking::ProjectErrorTrackingSetting.build_api_url_from(
             api_host: params[:api_host],
             organization_slug: 'org',
             project_slug: 'proj'
           )
 
-          setting.token = token(setting)
+          setting.token = token(setting, url_changed)
           setting.enabled = true
         end
       end
     end
 
-    def token(setting)
+    def token(setting, url_changed)
+      return if url_changed && masked_token?
+
       # Use param token if not masked, otherwise use database token
-      return params[:token] unless /\A\*+\z/.match?(params[:token])
+      return params[:token] unless masked_token?
 
       setting.token
     end
+
+    def masked_token?
+      MASKED_TOKEN_REGEX.match?(params[:token])
+    end
   end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-01-07 01:38:01 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-01-07 01:38:01 +0300
commit	b8a1c5346855a50b711e26def061d90fae10ab79 (patch)
tree	e59685859d4c79296b374f4764d8d027fadc8663 /app
parent	7cf04c446e2aade98b4bf3ef860076fc2db12d58 (diff)