From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sun, 20 Jan 2013 13:50:51 +0000 (+0000)
Subject: Safer find_by_ call.
X-Git-Tag: 2.3.0~270
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=92b92d6bb8146f637189092e3578013382e55e41;p=redmine.git

Safer find_by_ call.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11219 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 5405b18f4..ff2a6adf3 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -134,8 +134,8 @@ class AccountController < ApplicationController
 
   # Token based account activation
   def activate
-    redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
-    token = Token.find_by_action_and_value('register', params[:token])
+    redirect_to(home_url) && return unless Setting.self_registration? && params[:token].present?
+    token = Token.find_by_action_and_value('register', params[:token].to_s)
     redirect_to(home_url) && return unless token and !token.expired?
     user = token.user
     redirect_to(home_url) && return unless user.registered?