diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-01-07 01:38:01 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-01-07 01:38:01 +0300 |
commit | b8a1c5346855a50b711e26def061d90fae10ab79 (patch) | |
tree | e59685859d4c79296b374f4764d8d027fadc8663 /app | |
parent | 7cf04c446e2aade98b4bf3ef860076fc2db12d58 (diff) |
Add latest changes from gitlab-org/security/gitlab@15-5-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/helpers/diff_helper.rb | 8 | ||||
-rw-r--r-- | app/services/error_tracking/list_projects_service.rb | 16 |
2 files changed, 17 insertions, 7 deletions
diff --git a/app/helpers/diff_helper.rb b/app/helpers/diff_helper.rb index 5c3b9d4b5ab..08678c21b74 100644 --- a/app/helpers/diff_helper.rb +++ b/app/helpers/diff_helper.rb @@ -244,6 +244,10 @@ module DiffHelper {} end + def params_with_whitespace + hide_whitespace? ? safe_params.except(:w) : safe_params.merge(w: 1) + end + private def diff_btn(title, name, selected) @@ -277,10 +281,6 @@ module DiffHelper params[:w] == '1' end - def params_with_whitespace - hide_whitespace? ? request.query_parameters.except(:w) : request.query_parameters.merge(w: 1) - end - def toggle_whitespace_link(url, options) options[:class] = [*options[:class], 'btn gl-button btn-default'].join(' ') link_to "#{hide_whitespace? ? 'Show' : 'Hide'} whitespace changes", url, class: options[:class] diff --git a/app/services/error_tracking/list_projects_service.rb b/app/services/error_tracking/list_projects_service.rb index 625addaf915..4a47b09ae6d 100644 --- a/app/services/error_tracking/list_projects_service.rb +++ b/app/services/error_tracking/list_projects_service.rb @@ -2,6 +2,8 @@ module ErrorTracking class ListProjectsService < ErrorTracking::BaseService + MASKED_TOKEN_REGEX = /\A\*+\z/.freeze + private def perform @@ -21,23 +23,31 @@ module ErrorTracking def project_error_tracking_setting @project_error_tracking_setting ||= begin (super || project.build_error_tracking_setting).tap do |setting| + url_changed = !setting.api_url&.start_with?(params[:api_host]) + setting.api_url = ErrorTracking::ProjectErrorTrackingSetting.build_api_url_from( api_host: params[:api_host], organization_slug: 'org', project_slug: 'proj' ) - setting.token = token(setting) + setting.token = token(setting, url_changed) setting.enabled = true end end end - def token(setting) + def token(setting, url_changed) + return if url_changed && masked_token? + # Use param token if not masked, otherwise use database token - return params[:token] unless /\A\*+\z/.match?(params[:token]) + return params[:token] unless masked_token? setting.token end + + def masked_token? + MASKED_TOKEN_REGEX.match?(params[:token]) + end end end |