diff options
| author | Toshi MARUYAMA <marutosijp2@yahoo.co.jp> | 2014-05-01 00:44:01 +0000 |
|---|---|---|
| committer | Toshi MARUYAMA <marutosijp2@yahoo.co.jp> | 2014-05-01 00:44:01 +0000 |
| commit | a599442d05e50f1998ef8e77df54240be4ceda1d (patch) | |
| tree | 89af96b996aaf1a5246ed7e61e0cd8c64ebef259 /app/models | |
| parent | 9fdd0862f74cb4b187fe7fe1422746702a4cb953 (diff) | |
| download | redmine-a599442d05e50f1998ef8e77df54240be4ceda1d.tar.gz redmine-a599442d05e50f1998ef8e77df54240be4ceda1d.zip | |
introduce request_store to ensure that the current user doesn't leak across request boundaries (#16685)
Contributed by Holger Just.
git-svn-id: http://svn.redmine.org/redmine/trunk@13110 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/models')
| -rw-r--r-- | app/models/user.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 4a33590f7..fd245c3e8 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -626,11 +626,11 @@ class User < Principal end def self.current=(user) - Thread.current[:current_user] = user + RequestStore.store[:current_user] = user end def self.current - Thread.current[:current_user] ||= User.anonymous + RequestStore.store[:current_user] ||= User.anonymous end # Returns the anonymous user. If the anonymous user does not exist, it is created. There can be only |