author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-12-12 13:19:07 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-12-12 13:19:07 +0000 |
commit | a4d7a99c22d9aac89a38c1cb411158777b72bb9d (patch) | |
tree | 12a6f4f752208ca050a899b0599d290d85c2f87f /app/controllers/users_controller.rb | |
parent | 3409333522a76ade39db41124df596b2b95eccc0 (diff) | |
Declare safe attributes for User and Projects models.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4492 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/users_controller.rb')
-rw-r--r-- | app/controllers/users_controller.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 69ffcf2c2..07c807ce4 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -97,7 +97,8 @@ class UsersController < ApplicationController
 @notification_options = User::MAIL_NOTIFICATION_OPTIONS
 @notification_option = Setting.default_notification_option
- @user = User.new(params[:user])
+ @user = User.new
+ @user.safe_attributes = params[:user]
 @user.admin = params[:user][:admin] || false
 @user.login = params[:user][:login]
 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
@@ -155,7 +156,7 @@ class UsersController < ApplicationController
 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
 end
 @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
- @user.attributes = params[:user]
+ @user.safe_attributes = params[:user]
 # Was the account actived ? (do it before User#save clears the change)
 was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
 # TODO: Similar to My#account |
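Review bot: In the first hunk (`create`), `admin` and `login` are still copied directly from `params[:user]` on the two lines after the new `@user.safe_attributes = params[:user]` call. The restriction added here therefore protects the privilege flag only while the action stays limited to administrators, and that filter is not visible in the hunk. I would record the dependency next to the assignments, e.g. `# admin and login are not safe attributes: set explicitly, this action must remain admin-only`. The same two lines index `params[:user]` without a nil guard, so a request without a `user` parameter presumably raises instead of re-rendering the form. `create` starts and ends outside the hunk.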
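Review bot: In the second hunk (`update`), `group_ids` is assigned straight from `params[:user][:group_ids]` on the line above the changed one, so group membership bypasses whatever list `safe_attributes=` enforces. A comment such as `# group_ids is assigned outside safe_attributes; relies on the admin-only filter` would make that deliberate. The switch from `attributes=` to `safe_attributes=` presumably also means keys outside the safe list are now dropped silently, so it is worth confirming that `update` sets `admin` and `login` explicitly above the hunk, as `create` does. A functional test posting an unlisted key in `params[:user]` and asserting the record is unchanged would pin the new behaviour. `update` starts and ends outside the hunk.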