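--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -19,6 +19,7 @@
  default_timeout Gitlab.config.gitlab.webhook_timeout
 
  validates :url, presence: true, url: true
+ validates :token, format: { without: /\n/ }
 
  def execute(data, hook_name)
  parsed_url = URI.parse(url)
@@ -57,7 +58,7 @@
  'Content-Type' => 'application/json',
  'X-Gitlab-Event' => hook_name.singularize.titleize
  }
- headers['X-Gitlab-Token'] = token if token.present?
+ headers['X-Gitlab-Token'] = Gitlab::Utils.remove_line_breaks(token) if token.present?
  headers
  end
  end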
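Review bot: A lone carriage return still gets through both new checks: the validation `format: { without: /\n/ }` rejects only LF, and `Gitlab::Utils.remove_line_breaks` (added in lib/gitlab/utils.rb in this commit) strips only `\r?\n`, so a token containing a bare `\r` saves and is sent unchanged in `X-Gitlab-Token`. Whether a bare CR is treated as a line terminator depends on the HTTP client and the receiving server, so it is safer to reject it at the model too, `validates :token, format: { without: /[\r\n]/ }`, and to have the helper drop it as well, `str.gsub(/[\r\n]/, '')`. Keeping the sanitising call where the header is built is still worthwhile, because the validation only runs on save and does not cover tokens stored earlier. The method that builds the headers starts outside the second hunk.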
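--- a/lib/gitlab/utils.rb
+++ b/lib/gitlab/utils.rb
@@ -14,6 +14,10 @@
  str.force_encoding(Encoding::UTF_8)
  end
 
+ def remove_line_breaks(str)
+ str.gsub(/\r?\n/, '')
+ end
+
  def to_boolean(value)
  return value if [true, false].include?(value)
  return true if value =~ /^(true|t|yes|y|1|on)$/i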
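Review bot: `remove_line_breaks` is added without a comment, so a later reader cannot tell that it exists to keep a value on a single line before it is placed in an HTTP header. A short header comment would record that, e.g. `# Removes LF and CRLF sequences from str so the value cannot span lines (used for the webhook token header). Expects a String.` The method calls `gsub` on its argument directly and therefore raises on `nil`; the one caller visible in this commit guards with `token.present?`, but the expectation belongs in the comment. No spec for the helper appears in this diff, and one covering both `"\n"` and `"\r\n"` inputs would pin the behaviour.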