Merged r21907 from trunk to 5.0-stable (#37772).

git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@21910 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index aa8bbeec91f9dc39d68b1d3e36f5a6ab1e62b36b..0af43e18c8ed2dab6bbff250ead87be48d18a8b6 100644 (file)
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -219,19 +219,10 @@ class AttachmentsController < ApplicationController
   end
 
   def find_container
-    klass =
-      begin
-        params[:object_type].to_s.singularize.classify.constantize
-      rescue
-        nil
-      end
-    unless klass && (klass.reflect_on_association(:attachments) || klass.method_defined?(:attachments))
-      render_404
-      return
-    end
-
+    # object_type is constrained to valid values in routes
+    klass = params[:object_type].to_s.singularize.classify.constantize
     @container = klass.find(params[:object_id])
-    if @container.respond_to?(:visible?) && !@container.visible?
+    unless @container.visible?
       render_403
       return
     end