Use safe_attributes for email addresses.

git-svn-id: http://svn.redmine.org/redmine/trunk@15693 e93f8b46-1217-0410-a6f0-8f06a7374b81
Jean-Philippe Lang 2016-07-17 08:27:27 +00:00
parent d7a6c09822
commit f165bbd0d7
2 changed files with 5 additions and 4 deletions


@ -29,10 +29,7 @@ class EmailAddressesController < ApplicationController
saved = false
if @user.email_addresses.count <= Setting.max_additional_emails.to_i
@address = EmailAddress.new(:user => @user, :is_default => false)
attrs = params[:email_address]
if attrs.is_a?(Hash)
@address.address = attrs[:address].to_s
end
@address.safe_attributes = params[:email_address]
saved = @address.save
end
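Review bot: The `attrs.is_a?(Hash)` guard dropped in this section has no visible replacement at the call site, so `@address.safe_attributes = params[:email_address]` now depends on `safe_attributes=` itself ignoring a missing or non-hash `email_address` parameter, such as a plain string. That setter is not shown on this page, so its behaviour should be confirmed and pinned with a functional test that posts a scalar `email_address` and expects a failed save rather than an exception. The `to_s` coercion is still covered by the model's `address=` writer. The enclosing action starts and ends outside this hunk.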


@ -16,6 +16,8 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class EmailAddress < ActiveRecord::Base
include Redmine::SafeAttributes
belongs_to :user
attr_protected :id
@ -29,6 +31,8 @@ class EmailAddress < ActiveRecord::Base
validates_uniqueness_of :address, :case_sensitive => false,
:if => Proc.new {|email| email.address_changed? && email.address.present?}
safe_attributes 'address'
def address=(arg)
write_attribute(:address, arg.to_s.strip)
end
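Review bot: `safe_attributes 'address'` is declared without an `:if` condition, so the whitelist applies to every caller and access control rests entirely on the controller. The other fields stay unassignable only because they are not listed. A short comment above the declaration would make that intent explicit, e.g. `# Only 'address' is mass-assignable; user and is_default are set explicitly by the caller.` Since `attr_protected :id` is kept beside it, the model now carries two mass-assignment mechanisms; presumably this matches the project's other models, but it is worth confirming which one is meant to be authoritative.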