]> source.dussan.org Git - redmine.git/commitdiff
projects / redmine.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a0ef175)
Enforce stricter class filtering in WatchersController (35463).
authorMarius Balteanu <marius.balteanu@zitec.com>
Tue, 5 Oct 2021 16:46:03 +0000 (16:46 +0000)
committerMarius Balteanu <marius.balteanu@zitec.com>
Tue, 5 Oct 2021 16:46:03 +0000 (16:46 +0000)
Patch by Holger Just.

git-svn-id: http://svn.redmine.org/redmine/trunk@21235 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/watchers_controller.rb patch | blob | history

diff --git a/app/controllers/watchers_controller.rb b/app/controllers/watchers_controller.rb
index 61681b894eb79aafe9a973f80282689b576bc1e4..79b8095160dd3e7591d57149a926b28caf4bf0c1 100644 (file)
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -158,7 +158,9 @@ class WatchersController < ApplicationController
       rescue
         nil
       end
-    return unless klass && klass.respond_to?('watched_by')
+    return unless klass && Class === klass # rubocop:disable Style/CaseEquality
+    return unless klass < ActiveRecord::Base
+    return unless klass < Redmine::Acts::Watchable::InstanceMethods
 
     scope = klass.where(:id => Array.wrap(params[:object_id]))
     if klass.reflect_on_association(:project)
Mirror of redmine code source: https://github.com/redmine/redmine