Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/imports_controller.rb4
-rw-r--r--app/controllers/my_controller.rb2
-rw-r--r--app/controllers/project_enumerations_controller.rb19
-rw-r--r--app/controllers/search_controller.rb2
-rw-r--r--app/controllers/settings_controller.rb2
-rw-r--r--app/controllers/users_controller.rb2
6 files changed, 16 insertions, 15 deletions
diff --git a/app/controllers/imports_controller.rb b/app/controllers/imports_controller.rb
index 96589ac65..661eb7405 100644
--- a/app/controllers/imports_controller.rb
+++ b/app/controllers/imports_controller.rb
@@ -109,9 +109,9 @@ class ImportsController < ApplicationController
end
def update_from_params
- if params[:import_settings].is_a?(Hash)
+ if params[:import_settings].present?
@import.settings ||= {}
- @import.settings.merge!(params[:import_settings])
+ @import.settings.merge!(params[:import_settings].to_unsafe_hash)
@import.save!
end
end
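Review bot: The new guard `params[:import_settings].present?` no longer checks the type, so a request that sends `import_settings` as a plain string or an array reaches `.to_unsafe_hash` and raises NoMethodError, where the old `is_a?(Hash)` test simply skipped the update. Keeping a type test, `if params[:import_settings].is_a?(ActionController::Parameters)`, restores that behaviour. The same unguarded call is in the my_controller.rb hunk (`settings.to_unsafe_hash` for each block value) and the settings_controller.rb hunk (`params[:settings].to_unsafe_hash`, which also raises when the key is missing from the POST). Because `to_unsafe_hash` bypasses strong-parameter filtering, every submitted key is merged into `@import.settings`. A `permit` list would be tighter if the set of setting names is fixed, which this hunk does not show.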
diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index bf04d55af..4e9f67d7d 100644
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -138,7 +138,7 @@ class MyController < ApplicationController
block_settings = params[:settings] || {}
block_settings.each do |block, settings|
- @user.pref.update_block_settings(block, settings)
+ @user.pref.update_block_settings(block, settings.to_unsafe_hash)
end
@user.pref.save
@updated_blocks = block_settings.keys
diff --git a/app/controllers/project_enumerations_controller.rb b/app/controllers/project_enumerations_controller.rb
index f68d94869..d9a77f969 100644
--- a/app/controllers/project_enumerations_controller.rb
+++ b/app/controllers/project_enumerations_controller.rb
@@ -20,15 +20,8 @@ class ProjectEnumerationsController < ApplicationController
before_action :authorize
def update
- if params[:enumerations]
- saved = Project.transaction do
- params[:enumerations].each do |id, activity|
- @project.update_or_create_time_entry_activity(id, activity)
- end
- end
- if saved
- flash[:notice] = l(:notice_successful_update)
- end
+ if @project.update_or_create_time_entry_activities(update_params)
+ flash[:notice] = l(:notice_successful_update)
end
redirect_to settings_project_path(@project, :tab => 'activities')
@@ -41,4 +34,12 @@ class ProjectEnumerationsController < ApplicationController
flash[:notice] = l(:notice_successful_update)
redirect_to settings_project_path(@project, :tab => 'activities')
end
+
+ private
+
+ def update_params
+ params.
+ permit(:enumerations => [:parent_id, :active, {:custom_field_values => {}}]).
+ require(:enumerations)
+ end
end
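Review bot: `require(:enumerations)` at the end of `update_params` raises ActionController::ParameterMissing when the key is absent or empty, so a submission without enumerations now ends in an error response where the removed `if params[:enumerations]` branch fell through to the redirect. If the old behaviour is intended, keep a presence check in `update` (the earlier hunk of this file) before calling `update_params`, for example `if params[:enumerations].present? && @project.update_or_create_time_entry_activities(update_params)`. How `update_or_create_time_entry_activities` treats an empty argument is not visible here, so the guard is safer than passing a default.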
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 2887db9a3..00b023872 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -68,7 +68,7 @@ class SearchController < ApplicationController
fetcher = Redmine::Search::Fetcher.new(
@question, User.current, @scope, projects_to_search,
:all_words => @all_words, :titles_only => @titles_only, :attachments => @search_attachments, :open_issues => @open_issues,
- :cache => params[:page].present?, :params => params
+ :cache => params[:page].present?, :params => params.to_unsafe_hash
)
if fetcher.tokens.present?
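Review bot: `:params => params.to_unsafe_hash` passes every request parameter to the fetcher with strong-parameter filtering switched off, and nothing at the call site says why that is acceptable. How Redmine::Search::Fetcher uses `:params` is not visible in this hunk, so at minimum a comment on that line would record the assumption, e.g. `# unfiltered request params: the fetcher must treat every key and value as user input`. If the fetcher only needs the search options, passing a permitted subset instead would be narrower. The enclosing action starts and ends outside this hunk.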
diff --git a/app/controllers/settings_controller.rb b/app/controllers/settings_controller.rb
index 7b2dceb31..f4109571f 100644
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -34,7 +34,7 @@ class SettingsController < ApplicationController
def edit
@notifiables = Redmine::Notifiable.all
if request.post?
- errors = Setting.set_all_from_params(params[:settings])
+ errors = Setting.set_all_from_params(params[:settings].to_unsafe_hash)
if errors.blank?
flash[:notice] = l(:notice_successful_update)
redirect_to settings_path(:tab => params[:tab])
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 0133f9797..653a37666 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -101,7 +101,7 @@ class UsersController < ApplicationController
format.html {
flash[:notice] = l(:notice_user_successful_create, :id => view_context.link_to(@user.login, user_path(@user)))
if params[:continue]
- attrs = params[:user].slice(:generate_password)
+ attrs = {:generate_password => @user.generate_password }
redirect_to new_user_path(:user => attrs)
else
redirect_to edit_user_path(@user)