Browse Source
Use safe_attributes for email addresses.
git-svn-id: http://svn.redmine.org/redmine/trunk@15693 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/3.4.0
Jean-Philippe Lang
8 years ago
2 changed files with 5 additions and 4 deletions
+ 1
- 4
app/controllers/email_addresses_controller.rb
View File
| @@ -29,10 +29,7 @@ class EmailAddressesController < ApplicationController | |||
| saved = false | |||
| if @user.email_addresses.count <= Setting.max_additional_emails.to_i | |||
| @address = EmailAddress.new(:user => @user, :is_default => false) | |||
| attrs = params[:email_address] | |||
| if attrs.is_a?(Hash) | |||
| @address.address = attrs[:address].to_s | |||
| end | |||
| @address.safe_attributes = params[:email_address] | |||
| saved = @address.save | |||
| end | |||
+ 4
- 0
app/models/email_address.rb
View File
| @@ -16,6 +16,8 @@ | |||
| # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
| class EmailAddress < ActiveRecord::Base | |||
| include Redmine::SafeAttributes | |||
| belongs_to :user | |||
| attr_protected :id | |||
| @@ -29,6 +31,8 @@ class EmailAddress < ActiveRecord::Base | |||
| validates_uniqueness_of :address, :case_sensitive => false, | |||
| :if => Proc.new {|email| email.address_changed? && email.address.present?} | |||
| safe_attributes 'address' | |||
| def address=(arg) | |||
| write_attribute(:address, arg.to_s.strip) | |||
| end | |||
Loading…