summaryrefslogtreecommitdiffstats
path: root/app/controllers
diff options
context:
space:
mode:
authorMarius Balteanu <marius.balteanu@zitec.com>2021-10-05 16:46:03 +0000
committerMarius Balteanu <marius.balteanu@zitec.com>2021-10-05 16:46:03 +0000
commit04e27aa1616f78381fab69b2b72ba5874e4cc557 (patch)
treee2c51700b0309938b100a2ca111c7404c4cb9370 /app/controllers
parenta0ef175ffea45cf929d422909b564e235c43b149 (diff)
downloadredmine-04e27aa1616f78381fab69b2b72ba5874e4cc557.tar.gz
redmine-04e27aa1616f78381fab69b2b72ba5874e4cc557.zip
Enforce stricter class filtering in WatchersController (35463).
Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@21235 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/watchers_controller.rb4
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/watchers_controller.rb b/app/controllers/watchers_controller.rb
index 61681b894..79b809516 100644
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -158,7 +158,9 @@ class WatchersController < ApplicationController
rescue
nil
end
- return unless klass && klass.respond_to?('watched_by')
+ return unless klass && Class === klass # rubocop:disable Style/CaseEquality
+ return unless klass < ActiveRecord::Base
+ return unless klass < Redmine::Acts::Watchable::InstanceMethods
scope = klass.where(:id => Array.wrap(params[:object_id]))
if klass.reflect_on_association(:project)