Prevent mass-assignment when adding/updating an issue category (#10390).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9131 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2012-03-06 18:59:32 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2012-03-06 18:59:32 +0000
commit: 460239d1f9ee447fd9eafe208c9faadd65817e24 (patch)
tree: 0f1af5a3d4303c7e7db163d0b164dce177019ed6 /app/models
parent: 809d35d34bc438669719676fa8485610efeb67a5 (diff)
download: redmine-460239d1f9ee447fd9eafe208c9faadd65817e24.tar.gz
redmine-460239d1f9ee447fd9eafe208c9faadd65817e24.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/app/models/issue_category.rb b/app/models/issue_category.rb
index b05f58dd4..162e7dc72 100644
--- a/app/models/issue_category.rb
+++ b/app/models/issue_category.rb
@@ -16,6 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 class IssueCategory < ActiveRecord::Base
+  include Redmine::SafeAttributes
   belongs_to :project
   belongs_to :assigned_to, :class_name => 'Principal', :foreign_key => 'assigned_to_id'
   has_many :issues, :foreign_key => 'category_id', :dependent => :nullify
@@ -24,7 +25,7 @@ class IssueCategory < ActiveRecord::Base
   validates_uniqueness_of :name, :scope => [:project_id]
   validates_length_of :name, :maximum => 30
   
-  attr_protected :project_id
+  safe_attributes 'name', 'assigned_to_id'
 
   named_scope :named, lambda {|arg| { :conditions => ["LOWER(#{table_name}.name) = LOWER(?)", arg.to_s.strip]}}
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2012-03-06 18:59:32 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2012-03-06 18:59:32 +0000
commit	460239d1f9ee447fd9eafe208c9faadd65817e24 (patch)
tree	0f1af5a3d4303c7e7db163d0b164dce177019ed6 /app/models
parent	809d35d34bc438669719676fa8485610efeb67a5 (diff)
download	redmine-460239d1f9ee447fd9eafe208c9faadd65817e24.tar.gz redmine-460239d1f9ee447fd9eafe208c9faadd65817e24.zip