Safe attributes for repositories.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9876 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index f93bedeade30e01ad2d9dda39b7d839998a76a58..b315a200a8c082bcb122badc1ebb25c1b154aa71 100644 (file)
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -47,7 +47,8 @@ class RepositoriesController < ApplicationController
 
   def create
     attrs = pickup_extra_info
-    @repository = Repository.factory(params[:repository_scm], attrs[:attrs])
+    @repository = Repository.factory(params[:repository_scm])
+    @repository.safe_attributes = params[:repository]
     if attrs[:attrs_extra].keys.any?
       @repository.merge_extra_info(attrs[:attrs_extra])
     end
@@ -64,7 +65,7 @@ class RepositoriesController < ApplicationController
 
   def update
     attrs = pickup_extra_info
-    @repository.attributes = attrs[:attrs]
+    @repository.safe_attributes = attrs[:attrs]
     if attrs[:attrs_extra].keys.any?
       @repository.merge_extra_info(attrs[:attrs_extra])
     end

diff --git a/app/models/repository.rb b/app/models/repository.rb
index 873c223134ce8670ee8731fcbaf88a6f87b67196..8f2cd5c674da5c83e594aebef487b9dd04de5f5a 100644 (file)
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -19,6 +19,7 @@ class ScmFetchError < Exception; end
 
 class Repository < ActiveRecord::Base
   include Redmine::Ciphering
+  include Redmine::SafeAttributes
 
   belongs_to :project
   has_many :changesets, :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC"
@@ -42,6 +43,14 @@ class Repository < ActiveRecord::Base
   # Checks if the SCM is enabled when creating a repository
   validate :repo_create_validation, :on => :create
 
+  safe_attributes 'identifier',
+    'url',
+    'login',
+    'password',
+    'path_encoding',
+    'log_encoding',
+    'is_default'
+
   def repo_create_validation
     unless Setting.enabled_scm.include?(self.class.name.demodulize)
       errors.add(:type, :invalid)

diff --git a/app/models/repository/cvs.rb b/app/models/repository/cvs.rb
index ebfceb6abe300b8543e91d2f53e0a20dffcd43f5..f43a15620ac9f4daa5c3913e1786313b3900faf3 100644 (file)
--- a/app/models/repository/cvs.rb
+++ b/app/models/repository/cvs.rb
@@ -21,6 +21,8 @@ require 'digest/sha1'
 class Repository::Cvs < Repository
   validates_presence_of :url, :root_url, :log_encoding
 
+  safe_attributes 'root_url'
+
   def self.human_attribute_name(attribute_key_name, *args)
     attr_name = attribute_key_name.to_s
     if attr_name == "root_url"

diff --git a/lib/redmine/safe_attributes.rb b/lib/redmine/safe_attributes.rb
index b8694a34df2fb72cf751022ccbd58500fce28a9d..75c2e43def265091662729fb7cb4d1cb852ec8de 100644 (file)
--- a/lib/redmine/safe_attributes.rb
+++ b/lib/redmine/safe_attributes.rb
@@ -31,7 +31,11 @@ module Redmine
       def safe_attributes(*args)
         @safe_attributes ||= []
         if args.empty?
-          @safe_attributes
+          if superclass.include?(Redmine::SafeAttributes)
+            @safe_attributes + superclass.safe_attributes 
+          else
+            @safe_attributes
+          end
         else
           options = args.last.is_a?(Hash) ? args.pop : {}
           @safe_attributes << [args, options]