authorJean-Philippe Lang <jp_lang@yahoo.fr>2010-12-12 13:19:07 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2010-12-12 13:19:07 +0000
commita4d7a99c22d9aac89a38c1cb411158777b72bb9d (patch)
tree12a6f4f752208ca050a899b0599d290d85c2f87f /app/controllers/users_controller.rb
parent3409333522a76ade39db41124df596b2b95eccc0 (diff)
Declare safe attributes for User and Projects models.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4492 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/users_controller.rb')
-rw-r--r--app/controllers/users_controller.rb5
1 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 69ffcf2c2..07c807ce4 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -97,7 +97,8 @@ class UsersController < ApplicationController
@notification_options = User::MAIL_NOTIFICATION_OPTIONS
@notification_option = Setting.default_notification_option
- @user = User.new(params[:user])
+ @user = User.new
+ @user.safe_attributes = params[:user]
@user.admin = params[:user][:admin] || false
@user.login = params[:user][:login]
@user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
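Review bot: `@user.admin` and `@user.login` are still assigned straight from `params[:user]` on the two lines after `safe_attributes=`, so the safe-attribute list does not govern them; the same holds for `@user.group_ids` in the second hunk. This is only safe if every action that reaches this code is restricted to administrators, and that filter is not visible in the hunk. I would confirm the filter exists and record the dependency next to the assignments, e.g. `# admin/login are set outside safe_attributes: this action must remain admin-only`. The enclosing action starts and ends outside the hunk.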
@@ -155,7 +156,7 @@ class UsersController < ApplicationController
@user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
end
@user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
- @user.attributes = params[:user]
+ @user.safe_attributes = params[:user]
# Was the account actived ? (do it before User#save clears the change)
was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
# TODO: Similar to My#account
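Review bot: The `was_activated` check two lines below the changed assignment only works if `status` is accepted by `safe_attributes=` for the acting user. An attribute missing from the model's safe list is presumably dropped without an error, so activation would quietly stop being detected. The model change is not shown on this page (the diffstat is limited to this file), so the safe list should be checked there. The same applies to `auth_source_id`, which the first hunk reads right after the assignment in `unless @user.auth_source_id`. A functional test that updates a registered user to active and asserts the activation path runs would pin this behaviour; the action continues past the end of the hunk.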