# Create or update a project's wiki
def edit
@wiki = @project.wiki || Wiki.new(:project => @project)
- @wiki.attributes = params[:wiki]
+ @wiki.safe_attributes = params[:wiki]
@wiki.save if request.post?
render(:update) {|page| page.replace_html "tab-content-wiki", :partial => 'projects/settings/wiki'}
end
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class Wiki < ActiveRecord::Base
+ include Redmine::SafeAttributes
belongs_to :project
has_many :pages, :class_name => 'WikiPage', :dependent => :destroy, :order => 'title'
has_many :redirects, :class_name => 'WikiRedirect', :dependent => :delete_all
validates_presence_of :start_page
validates_format_of :start_page, :with => /^[^,\.\/\?\;\|\:]*$/
+ safe_attributes 'start_page'
+
def visible?(user=User.current)
!user.nil? && user.allowed_to?(:view_wiki_pages, project)
end
projects / redmine.git / commitdiff