Merge branch 'security-fix-project-existence-disclosure-master' into 'master'

Fix url redaction for issue links See merge request gitlab/gitlabhq!3091
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-06-03 15:33:57 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-06-03 15:33:57 +0300
commit: c45c64ce298fab6eca6c54142ab5844a4b2c5c63 (patch)
tree: 89fab3ffc33bfa89619030451142c363d1f505c4 /lib/banzai
parent: 4dc442f17790182ecddac0facb51804ee7777434 (diff)
parent: b0fbf001dab134b6638411f0be209bc0d1460519 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/banzai/redactor.rb b/lib/banzai/redactor.rb
index 7db5f5e1f7d..c2da7fec7cc 100644
--- a/lib/banzai/redactor.rb
+++ b/lib/banzai/redactor.rb
@@ -70,8 +70,11 @@ module Banzai
       # Build the raw <a> tag just with a link as href and content if
       # it's originally a link pattern. We shouldn't return a plain text href.
       original_link =
-        if link_reference == 'true' && href = original_content
-          %(<a href="#{href}">#{href}</a>)
+        if link_reference == 'true'
+          href = node.attr('href')
+          content = original_content
+
+          %(<a href="#{href}">#{content}</a>)
         end
 
       # The reference should be replaced by the original link's content,
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-06-03 15:33:57 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-06-03 15:33:57 +0300
commit	c45c64ce298fab6eca6c54142ab5844a4b2c5c63 (patch)
tree	89fab3ffc33bfa89619030451142c363d1f505c4 /lib/banzai
parent	4dc442f17790182ecddac0facb51804ee7777434 (diff)
parent	b0fbf001dab134b6638411f0be209bc0d1460519 (diff)