Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-01 19:05:51 +01:00
Code Issues Packages Projects Releases Activity

Prevent mass-assignment when adding/updating a document (#10390).

Browse Source 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9130 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
2012-03-06 18:54:41 +00:00
parent bdf6e90f05
commit 809d35d34b
2 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/controllers/documents_controller.rb
View File

@@ -47,11 +47,13 @@ class DocumentsController < ApplicationController
end
def new
@document = @project.documents.build(params[:document])
@document = @project.documents.build
@document.safe_attributes = params[:document]
end
def create
@document = @project.documents.build(params[:document])
@document = @project.documents.build
@document.safe_attributes = params[:document]
@document.save_attachments(params[:attachments])
if @document.save
render_attachment_warning_if_needed(@document)
@@ -66,7 +68,8 @@ class DocumentsController < ApplicationController
end
def update
if request.put? and @document.update_attributes(params[:document])
@document.safe_attributes = params[:document]
if request.put? and @document.save
flash[:notice] = l(:notice_successful_update)
redirect_to :action => 'show', :id => @document
else