author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-07-03 11:01:08 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-07-03 11:01:08 +0000 |
commit | 8914d323ee14c660c169ef143800343f87af33da (patch) | |
tree | 44ed9cc964f4b7888a84d7124fcf6d143f2db357 /app/controllers/application_controller.rb | |
parent | aede35d2268dbe25258344ffacf35487cc6e2ae7 (diff) | |
Fixed: private queries should not be accessible to other users (#8729).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6163 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5c1215b4f..e3f768645 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -18,6 +18,8 @@
 require 'uri'
 require 'cgi'
+class Unauthorized < Exception; end
+
 class ApplicationController < ActionController::Base
 include Redmine::I18n
@@ -41,6 +43,7 @@ class ApplicationController < ActionController::Base
 protect_from_forgery
 rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
+ rescue_from ::Unauthorized, :with => :deny_access
 include Redmine::Search::Controller
 include Redmine::MenuManager::MenuController |
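Review bot: `Unauthorized` inherits from `Exception` rather than `StandardError`, so a bare `rescue` or `rescue => e` between the raise site and the controller will not catch it. That may be deliberate, since it keeps generic error handling from swallowing an access denial, but nothing in the hunk says so. If it is intended, I would add a comment such as `# Inherits from Exception on purpose: a plain rescue must not swallow an access denial.`; if not, the line should read `class Unauthorized < StandardError; end`. The constant is also defined at top level, where it can collide with a plugin or library constant of the same name.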
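Review bot: The access check itself is not in this file: the added `rescue_from ::Unauthorized` line only maps a raised exception to `deny_access`, so the fix holds only if every path that loads a private query raises it. `deny_access` is defined outside the hunk; if it answers 403 for a logged-in user, as the name suggests, the response confirms that a private query with that id exists, which a 404 would not. I would add a functional test that requests another user's private query both as a logged-in user and anonymously. A comment above the line would also help, such as `# Raised when the current user may not see the requested record.`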