diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-07-17 06:43:12 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-07-17 06:43:12 +0000 |
| commit | 43d8ab8288e1d1f561d3fc530472ddb0042db5fe (patch) | |
| tree | 9751cafb90b684cf955174b46e3514dc4efd8bd1 /app/models | |
| parent | cad0036297bdecc13bcd5cb66f439081ca2bae9f (diff) | |
| download | redmine-43d8ab8288e1d1f561d3fc530472ddb0042db5fe.tar.gz redmine-43d8ab8288e1d1f561d3fc530472ddb0042db5fe.zip | |
Use safe_attributes for user preferences.
git-svn-id: http://svn.redmine.org/redmine/trunk@15688 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/models')
| -rw-r--r-- | app/models/user_preference.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/models/user_preference.rb b/app/models/user_preference.rb index 0fdbfb508..52d120c74 100644 --- a/app/models/user_preference.rb +++ b/app/models/user_preference.rb @@ -16,6 +16,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. class UserPreference < ActiveRecord::Base + include Redmine::SafeAttributes + belongs_to :user serialize :others @@ -23,6 +25,12 @@ class UserPreference < ActiveRecord::Base before_save :set_others_hash + safe_attributes 'hide_mail', + 'time_zone', + 'comments_sorting', + 'warn_on_leaving_unsaved', + 'no_self_notified' + def initialize(attributes=nil, *args) super if new_record? && !(attributes && attributes.key?(:hide_mail)) |