From ada8b026ef55733a94821525249ed67a094d5521 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?= <remy@gitlab.com>
Date: Fri, 9 Dec 2016 16:31:14 +0000
Subject: [PATCH] Merge branch 'rs-filter-params' into 'security'

Filter `incoming_email_token` and `runners_token` parameters

Closes https://dev.gitlab.org/gitlab/gitlabhq/issues/2676

See merge request !2045
---
 config/application.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/application.rb b/config/application.rb
index fbf50df2850..782a7a36895 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -45,7 +45,7 @@ module Gitlab
     #
     # Parameters filtered:
     # - Password (:password, :password_confirmation)
-    # - Private tokens (:private_token, :authentication_token)
+    # - Private tokens
     # - Two-factor tokens (:otp_attempt)
     # - Repo/Project Import URLs (:import_url)
     # - Build variables (:variables)
@@ -60,11 +60,13 @@ module Gitlab
       encrypted_key
       hook
       import_url
+      incoming_email_token
       key
       otp_attempt
       password
       password_confirmation
       private_token
+      runners_token
       secret_token
       sentry_dsn
       variables
-- 
GitLab