summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorToshi MARUYAMA <marutosijp2@yahoo.co.jp>2014-05-01 01:45:03 +0000
committerToshi MARUYAMA <marutosijp2@yahoo.co.jp>2014-05-01 01:45:03 +0000
commit83fe35d3d27de9cfa13d17ae0ef6d81b54259098 (patch)
treeaa30e515be244252be838b3571978b0c9a61767e
parentf155a1ada6e2d28732d3c231e0db3f291e8d01cc (diff)
downloadredmine-83fe35d3d27de9cfa13d17ae0ef6d81b54259098.tar.gz
redmine-83fe35d3d27de9cfa13d17ae0ef6d81b54259098.zip
Merged r13110 from trunk to 2.5-stable (#16685)
introduce request_store to ensure that the current user doesn't leak across request boundaries. Contributed by Holger Just. git-svn-id: http://svn.redmine.org/redmine/branches/2.5-stable@13111 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat
-rw-r--r--Gemfile1
-rw-r--r--app/models/user.rb4
2 files changed, 3 insertions, 2 deletions
diff --git a/Gemfile b/Gemfile
index 13915c6e8..ac0083ce8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,6 +6,7 @@ gem "jquery-rails", "~> 2.0.2"
gem "coderay", "~> 1.1.0"
gem "fastercsv", "~> 1.5.0", :platforms => [:mri_18, :mingw_18, :jruby]
gem "builder", "3.0.0"
+gem 'request_store'
gem "mime-types"
gem "awesome_nested_set", "2.1.6"
diff --git a/app/models/user.rb b/app/models/user.rb
index 4a33590f7..fd245c3e8 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -626,11 +626,11 @@ class User < Principal
end
def self.current=(user)
- Thread.current[:current_user] = user
+ RequestStore.store[:current_user] = user
end
def self.current
- Thread.current[:current_user] ||= User.anonymous
+ RequestStore.store[:current_user] ||= User.anonymous
end
# Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-11 04:37:10 +0000