author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-07-10 10:58:00 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-07-10 10:58:00 +0000 |
commit | 1f9bbd6b42b377c9ab3906293c2d166b4e2fb138 (patch) | |
tree | 1bbabccc76bb01dc02c83b5b00ce7d64b2dbb800 /app/controllers/journals_controller.rb | |
parent | 7918285ac2e64fe046e590fbb1afb1e1f2fb9422 (diff) | |
download | redmine-1f9bbd6b42b377c9ab3906293c2d166b4e2fb138.tar.gz redmine-1f9bbd6b42b377c9ab3906293c2d166b4e2fb138.zip |
Wrap journal attributes with a journal parameter and use safe_attributes (#22575).
git-svn-id: http://svn.redmine.org/redmine/trunk@15621 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/journals_controller.rb')
-rw-r--r-- | app/controllers/journals_controller.rb | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/app/controllers/journals_controller.rb b/app/controllers/journals_controller.rb
index 6780916b7..00556c8e4 100644
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -90,10 +90,8 @@ class JournalsController < ApplicationController
 def update
 (render_403; return false) unless @journal.editable_by?(User.current)
- @journal.notes = params[:notes] if params[:notes]
- @journal.private_notes = params[:private_notes].present?
- (render_403; return false) if @journal.private_notes_changed? && User.current.allowed_to?(:set_notes_private, @journal.issue.project) == false
- @journal.save if @journal.changed?
+ @journal.safe_attributes = params[:journal]
+ @journal.save
 @journal.destroy if @journal.details.empty? && @journal.notes.blank?
 call_hook(:controller_journals_edit_post, { :journal => @journal, :params => params})
 respond_to do |format| |
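Review bot: The explicit `:set_notes_private` check and its 403 are removed from `update`, so whether a user may flip `private_notes` now depends entirely on the attribute rules behind `@journal.safe_attributes=`, which live in the Journal model and are not visible in this path-limited diff. If that filter silently drops disallowed keys, as an allow-list setter typically does, an unauthorized attempt no longer yields a 403 and leaves no trace, so a functional test asserting that a user without `:set_notes_private` cannot change `private_notes` through `params[:journal]` should accompany the change. A comment above the assignment would record the dependency, e.g. `# private_notes is only assignable when Journal's safe_attributes rule allows it (:set_notes_private)`. The result of `@journal.save` is also ignored, so a failed save still falls through to the destroy check and the hook; the body of `update` continues past the end of the hunk.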