diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-07-17 08:18:26 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-07-17 08:18:26 +0000 |
| commit | d7a6c09822bc18c01b707d479342af956f754568 (patch) | |
| tree | 310ef409ee136c2ed91761e69e98bc789b88deaf /app/controllers | |
| parent | cc30a0423eeeb4ad78fdd68c54f2f2df78899ffe (diff) | |
| download | redmine-d7a6c09822bc18c01b707d479342af956f754568.tar.gz redmine-d7a6c09822bc18c01b707d479342af956f754568.zip | |
Use safe_attributes for auth sources.
git-svn-id: http://svn.redmine.org/redmine/trunk@15692 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/auth_sources_controller.rb | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/app/controllers/auth_sources_controller.rb b/app/controllers/auth_sources_controller.rb index 6f5e903d6..d6dd58896 100644 --- a/app/controllers/auth_sources_controller.rb +++ b/app/controllers/auth_sources_controller.rb @@ -20,6 +20,7 @@ class AuthSourcesController < ApplicationController menu_item :ldap_authentication before_action :require_admin + before_action :build_new_auth_source, :only => [:new, :create] before_action :find_auth_source, :only => [:edit, :update, :test_connection, :destroy] require_sudo_mode :update, :destroy @@ -28,13 +29,9 @@ class AuthSourcesController < ApplicationController end def new - klass_name = params[:type] || 'AuthSourceLdap' - @auth_source = AuthSource.new_subclass_instance(klass_name, params[:auth_source]) - render_404 unless @auth_source end def create - @auth_source = AuthSource.new_subclass_instance(params[:type], params[:auth_source]) if @auth_source.save flash[:notice] = l(:notice_successful_create) redirect_to auth_sources_path @@ -47,7 +44,8 @@ class AuthSourcesController < ApplicationController end def update - if @auth_source.update_attributes(params[:auth_source]) + @auth_source.safe_attributes = params[:auth_source] + if @auth_source.save flash[:notice] = l(:notice_successful_update) redirect_to auth_sources_path else @@ -89,6 +87,15 @@ class AuthSourcesController < ApplicationController private + def build_new_auth_source + @auth_source = AuthSource.new_subclass_instance(params[:type] || 'AuthSourceLdap') + if @auth_source + @auth_source.safe_attributes = params[:auth_source] + else + render_404 + end + end + def find_auth_source @auth_source = AuthSource.find(params[:id]) rescue ActiveRecord::RecordNotFound |