From df615b7047e58a5dfb236d3b011dfe1619559acc Mon Sep 17 00:00:00 2001
From: Go MAEDA
Date: Thu, 20 Oct 2022 04:33:55 +0000
Subject: [PATCH] Merged r21907 from trunk to 5.0-stable (#37772).
git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@21910 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/attachments_controller.rb | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index aa8bbeec9..0af43e18c 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -219,19 +219,10 @@ class AttachmentsController < ApplicationController
 end
 def find_container
- klass =
- begin
- params[:object_type].to_s.singularize.classify.constantize
- rescue
- nil
- end
- unless klass && (klass.reflect_on_association(:attachments) || klass.method_defined?(:attachments))
- render_404
- return
- end
-
+ # object_type is constrained to valid values in routes
+ klass = params[:object_type].to_s.singularize.classify.constantize
 @container = klass.find(params[:object_id])
- if @container.respond_to?(:visible?) && !@container.visible?
+ unless @container.visible?
 render_403
 return
 end
--
2.39.5
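Review bot: `find_container` now passes `params[:object_type]` straight to `constantize` with no check left in the controller, so the only thing keeping a request parameter from resolving an arbitrary constant is the route constraint the new comment refers to, which is not visible in this patch. If any route reaches this filter without that constraint, an unknown name raises `NameError` (a 500 instead of the former 404), and a container class without `visible?` now raises as well because the `respond_to?` guard was dropped. Keeping a cheap guard beside the lookup preserves defence in depth: `klass = params[:object_type].to_s.singularize.classify.safe_constantize` followed by `return render_404 unless klass&.method_defined?(:attachments)`. The body of `find_container` continues past the end of the hunk, so later lines may already cover part of this.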