diff options
| author | Stan Hu <stanhu@gmail.com> | 2018-07-10 23:00:21 +0300 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2018-07-10 23:09:37 +0300 |
| commit | 718a23fd36de971b3bd127c6f9d5311f7029e15c (patch) | |
| tree | 74da6e6052e7f4cf34b2813a16b00c6ceccf3e5c /lib/gitlab/url_sanitizer.rb | |
| parent | 255db3d59792e9bac92f4327b4e324e2bd32810a (diff) | |
Properly handle colons in URL passwords
Before b46d5b13ecb8e0c0793fa433bff7f49cb0612760, we relied on
`Addressable::URI` to parse the username/password in a URL, but this failed
when credentials contained special characters. However, this introduced a regression
where the parsing would incorrectly truncate the password if the password had a colon.
Closes #49080
Diffstat (limited to 'lib/gitlab/url_sanitizer.rb')
| -rw-r--r-- | lib/gitlab/url_sanitizer.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/url_sanitizer.rb b/lib/gitlab/url_sanitizer.rb index 59331c827af..de8b6ec69ce 100644 --- a/lib/gitlab/url_sanitizer.rb +++ b/lib/gitlab/url_sanitizer.rb @@ -58,7 +58,7 @@ module Gitlab if raw_credentials.present? url.sub!("#{raw_credentials}@", '') - user, password = raw_credentials.split(':') + user, _, password = raw_credentials.partition(':') @credentials ||= { user: user.presence, password: password.presence } end |