authorJean-Philippe Lang <jp_lang@yahoo.fr>2012-06-19 19:47:54 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2012-06-19 19:47:54 +0000
commit585d08765e91fadbbe3abf268339331622746b85 (patch)
tree70bcc3c7b2a6fc202548a639b0d7781d92c33a4a /app
parent3b854bee59211a8a1889f3630c5316a71d182c70 (diff)
Safe attributes for repositories.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9876 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/repositories_controller.rb5
-rw-r--r--app/models/repository.rb9
-rw-r--r--app/models/repository/cvs.rb2
3 files changed, 14 insertions, 2 deletions
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index f93bedead..b315a200a 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -47,7 +47,8 @@ class RepositoriesController < ApplicationController
def create
attrs = pickup_extra_info
- @repository = Repository.factory(params[:repository_scm], attrs[:attrs])
+ @repository = Repository.factory(params[:repository_scm])
+ @repository.safe_attributes = params[:repository]
if attrs[:attrs_extra].keys.any?
@repository.merge_extra_info(attrs[:attrs_extra])
end
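Review bot: `create` now assigns the raw `params[:repository]`, while `update` in the second hunk assigns `attrs[:attrs]` returned by `pickup_extra_info`, so the two actions filter different inputs. The whitelist presumably drops unknown keys either way, but writing `@repository.safe_attributes = attrs[:attrs]` here as well would keep both paths identical and easier to audit. The added assignment also runs unconditionally on the result of `Repository.factory(params[:repository_scm])`; if the factory can return nil for an unrecognised SCM name (not visible in this hunk), a request-controlled parameter would surface as a NoMethodError, so a nil check before the assignment is worth adding. The body of `create` continues outside the hunk.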
@@ -64,7 +65,7 @@ class RepositoriesController < ApplicationController
def update
attrs = pickup_extra_info
- @repository.attributes = attrs[:attrs]
+ @repository.safe_attributes = attrs[:attrs]
if attrs[:attrs_extra].keys.any?
@repository.merge_extra_info(attrs[:attrs_extra])
end
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 873c22313..8f2cd5c67 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -19,6 +19,7 @@ class ScmFetchError < Exception; end
class Repository < ActiveRecord::Base
include Redmine::Ciphering
+ include Redmine::SafeAttributes
belongs_to :project
has_many :changesets, :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC"
@@ -42,6 +43,14 @@ class Repository < ActiveRecord::Base
# Checks if the SCM is enabled when creating a repository
validate :repo_create_validation, :on => :create
+ safe_attributes 'identifier',
+ 'url',
+ 'login',
+ 'password',
+ 'path_encoding',
+ 'log_encoding',
+ 'is_default'
+
def repo_create_validation
unless Setting.enabled_scm.include?(self.class.name.demodulize)
errors.add(:type, :invalid)
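Review bot: The whitelist added after `validate :repo_create_validation` is unconditional, so `identifier` and `url` are mass-assignable through `update` as well as `create`. If either is meant to be fixed once the repository exists (not visible here), restrict it with the module's condition option, e.g. `safe_attributes 'url', :if => lambda {|repository, user| repository.new_record?}`. A short comment above the list, such as `# Attributes assignable from request parameters; anything else is ignored by safe_attributes=`, would make the security intent explicit for later maintainers. The class body continues outside the hunk.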
diff --git a/app/models/repository/cvs.rb b/app/models/repository/cvs.rb
index ebfceb6ab..f43a15620 100644
--- a/app/models/repository/cvs.rb
+++ b/app/models/repository/cvs.rb
@@ -21,6 +21,8 @@ require 'digest/sha1'
class Repository::Cvs < Repository
validates_presence_of :url, :root_url, :log_encoding
+ safe_attributes 'root_url'
+
def self.human_attribute_name(attribute_key_name, *args)
attr_name = attribute_key_name.to_s
if attr_name == "root_url"