Prevent mass-assignment when adding/updating a forum (#10390).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9140 e93f8b46-1217-0410-a6f0-8f06a7374b81

1 files changed, 6 insertions, 3 deletions

diff --git a/app/controllers/boards_controller.rb b/app/controllers/boards_controller.rb
index e4d7749bc..380933960 100644
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -60,11 +60,13 @@ class BoardsController < ApplicationController
   end
 
   def new
-    @board = @project.boards.build(params[:board])
+    @board = @project.boards.build
+    @board.safe_attributes = params[:board]
   end
 
   def create
-    @board = @project.boards.build(params[:board])
+    @board = @project.boards.build
+    @board.safe_attributes = params[:board]
     if @board.save
       flash[:notice] = l(:notice_successful_create)
       redirect_to_settings_in_projects
@@ -77,7 +79,8 @@ class BoardsController < ApplicationController
   end
 
   def update
-    if @board.update_attributes(params[:board])
+    @board.safe_attributes = params[:board]
+    if @board.save
       redirect_to_settings_in_projects
     else
       render :action => 'edit'