return false
end
@issue.start_date ||= Date.today if Setting.default_issue_start_date_to_creation_date?
- if params[:issue].is_a?(Hash)
- @issue.safe_attributes = params[:issue]
- if User.current.allowed_to?(:add_issue_watchers, @project) && @issue.new_record?
- @issue.watcher_user_ids = params[:issue]['watcher_user_ids']
- end
- end
+ @issue.safe_attributes = params[:issue]
+
@priorities = IssuePriority.active
@allowed_statuses = @issue.new_statuses_allowed_to(User.current, true)
end
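Review bot: The added `@issue.safe_attributes = params[:issue]` now runs even when `params[:issue]` is missing or is not a Hash, because the `is_a?(Hash)` guard was removed together with the watcher block. Nothing visible in this hunk shows that the setter rejects such input, so confirm that `safe_attributes=` returns early for nil and for scalar values, and cover it with one request that omits `issue` and one that sends it as a plain string. If the setter does guard, a short comment here would make the dependency visible: `# safe_attributes= ignores non-Hash input and applies the watcher permission check`. The enclosing method starts above the visible lines.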
'done_ratio',
:if => lambda {|issue, user| issue.new_statuses_allowed_to(user).any? }
+ safe_attributes 'watcher_user_ids',
+ :if => lambda {|issue, user| issue.new_record? && user.allowed_to?(:add_issue_watchers, issue.project)}
+
safe_attributes 'is_private',
:if => lambda {|issue, user|
user.allowed_to?(:set_issues_private, issue.project) ||
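Review bot: The `:if` lambda added for `'watcher_user_ids'` checks `:add_issue_watchers` against `issue.project` as it stands when the attributes are filtered, and it limits who may set watchers, not which user ids are accepted. If `project_id` can arrive in the same hash, the permission would presumably be evaluated against the project the issue had before assignment, so confirm the ordering inside `safe_attributes=` (outside this hunk) and that `issue.project` cannot be nil at that point. I would add a comment such as `# checked against the issue's current project; the ids themselves are not validated here` and a test where a user without the permission submits `watcher_user_ids` on a new issue.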
end
end
- self.attributes = attrs
+ # mass-assignment security bypass
+ self.send :attributes=, attrs, false
end
def done_ratio
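Review bot: The comment `# mass-assignment security bypass` on the new `self.send :attributes=, attrs, false` says what the call does but not why it is safe. With the guard switched off, the only protection left is whatever filtering was applied to `attrs` earlier in this method, which lies outside the hunk. State the invariant at the call, for example `# attrs holds only keys allowed by safe_attributes for this user; the protected-attribute guard is skipped on purpose`. Any key merged into `attrs` after that filtering would be assigned unchecked, so later edits to this method need to keep the filter as the last step before this line.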