diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-01 21:28:24 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-01 21:28:24 +0300 |
| commit | 47414496d427785d86832bcaca617233f904a2e0 (patch) | |
| tree | 55c0e9671c5f513654fabdfc6dea1982528a5f9e /app | |
| parent | 6b75388b67c35271bc18f2dbd41a72accd927808 (diff) | |
Add latest changes from gitlab-org/security/gitlab@15-9-stable-ee
Diffstat (limited to 'app')
| -rw-r--r-- | app/assets/javascripts/work_items/components/item_title.vue | 6 | ||||
| -rw-r--r-- | app/controllers/oauth/jira_dvcs/authorizations_controller.rb | 13 | ||||
| -rw-r--r-- | app/finders/notes_finder.rb | 2 |
3 files changed, 20 insertions, 1 deletions
diff --git a/app/assets/javascripts/work_items/components/item_title.vue b/app/assets/javascripts/work_items/components/item_title.vue index 6aa3c54705c..1c0fed2dde9 100644 --- a/app/assets/javascripts/work_items/components/item_title.vue +++ b/app/assets/javascripts/work_items/components/item_title.vue @@ -29,6 +29,11 @@ export default { handleSubmit() { this.$refs.titleEl.blur(); }, + handlePaste(e) { + e.preventDefault(); + const text = e.clipboardData.getData('text'); + this.$refs.titleEl.innerText = text; + }, }, }; </script> @@ -48,6 +53,7 @@ export default { :contenteditable="!disabled" class="gl-px-4 gl-py-3 gl-ml-n4 gl-border gl-border-white gl-rounded-base gl-display-block" :class="{ 'gl-hover-border-gray-200 gl-pseudo-placeholder': !disabled }" + @paste="handlePaste" @blur="handleBlur" @keyup="handleInput" @keydown.enter.exact="handleSubmit" diff --git a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb index 613999f4ca7..03921761f45 100644 --- a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb +++ b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb @@ -8,6 +8,8 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController skip_before_action :authenticate_user! skip_before_action :verify_authenticity_token + before_action :validate_redirect_uri, only: :new + feature_category :integrations # 1. Rewire Jira OAuth initial request to our stablished OAuth authorization URL. @@ -56,4 +58,15 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController def normalize_scope(scope) scope == 'repo' ? 'api' : scope end + + def validate_redirect_uri + client = Doorkeeper::OAuth::Client.find(params[:client_id]) + return render_404 unless client + + return true if Doorkeeper::OAuth::Helpers::URIChecker.valid_for_authorization?( + params['redirect_uri'], client.redirect_uri + ) + + render_403 + end end diff --git a/app/finders/notes_finder.rb b/app/finders/notes_finder.rb index 7890502cf0e..c542ffbce7e 100644 --- a/app/finders/notes_finder.rb +++ b/app/finders/notes_finder.rb @@ -117,7 +117,7 @@ class NotesFinder when "snippet", "project_snippet" SnippetsFinder.new(@current_user, project: @project).execute # rubocop: disable CodeReuse/Finder when "personal_snippet" - PersonalSnippet.all + SnippetsFinder.new(@current_user, only_personal: true).execute # rubocop: disable CodeReuse/Finder else raise "invalid target_type '#{noteable_type}'" end |