@@ -23,6 +23,7 class ApplicationController < ActionController::Base | |||||
23 |
|
23 | |||
24 | before_filter :user_setup, :check_if_login_required, :set_localization |
|
24 | before_filter :user_setup, :check_if_login_required, :set_localization | |
25 | filter_parameter_logging :password |
|
25 | filter_parameter_logging :password | |
|
26 | protect_from_forgery :secret => session.first[:secret] | |||
26 |
|
27 | |||
27 | include Redmine::MenuManager::MenuController |
|
28 | include Redmine::MenuManager::MenuController | |
28 | helper Redmine::MenuManager::MenuHelper |
|
29 | helper Redmine::MenuManager::MenuHelper |
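Review bot: The added `protect_from_forgery :secret => session.first[:secret]` takes the CSRF token secret from whatever the first session options entry holds, so the check is only as strong as that value and depends on declaration order. If that entry has no `:secret` the expression yields nil, if there are no entries it raises while the class loads, and if an install still runs with a secret distributed with the application, the tokens are no longer unpredictable. I would add a comment above the line such as `# CSRF token secret is the session secret; it must be a unique per-install value` and refuse to boot when the value is blank. Because the filter is inherited by every subclass, any controller that accepts POSTs from non-browser clients (none are visible here) needs checking too; the class body continues outside the hunk.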
@@ -15,3 +15,6 config.action_controller.perform_caching = false | |||||
15 |
|
15 | |||
16 | config.action_mailer.perform_deliveries = true |
|
16 | config.action_mailer.perform_deliveries = true | |
17 | config.action_mailer.delivery_method = :test |
|
17 | config.action_mailer.delivery_method = :test | |
|
18 | ||||
|
19 | # Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application | |||
|
20 | config.action_controller.allow_forgery_protection = false |
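Review bot: `config.action_controller.allow_forgery_protection = false` turns off token verification for every request in this environment, and the comment above it says neither that this is meant for test runs only nor why. The surrounding `delivery_method = :test` suggests these are test environment files, so I would reword the comment to something like `# Test environment only: disable CSRF token verification so functional tests can POST without a token; never set this in production`. With the check disabled here the suite will not notice a form that stops sending the token, so at least one test that re-enables `allow_forgery_protection` and expects a tokenless POST to be rejected would be worth adding. The same line is added in the two hunks that follow.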
@@ -15,3 +15,7 config.action_controller.perform_caching = false | |||||
15 |
|
15 | |||
16 | config.action_mailer.perform_deliveries = true |
|
16 | config.action_mailer.perform_deliveries = true | |
17 | config.action_mailer.delivery_method = :test |
|
17 | config.action_mailer.delivery_method = :test | |
|
18 | ||||
|
19 | # Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application | |||
|
20 | config.action_controller.allow_forgery_protection = false | |||
|
21 |
@@ -15,3 +15,6 config.action_controller.perform_caching = false | |||||
15 |
|
15 | |||
16 | config.action_mailer.perform_deliveries = true |
|
16 | config.action_mailer.perform_deliveries = true | |
17 | config.action_mailer.delivery_method = :test |
|
17 | config.action_mailer.delivery_method = :test | |
|
18 | ||||
|
19 | # Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application | |||
|
20 | config.action_controller.allow_forgery_protection = false |
@@ -11,6 +11,7 http://www.redmine.org/ | |||||
11 | * Fixed: First date of the date range not included in the time report with SQLite |
|
11 | * Fixed: First date of the date range not included in the time report with SQLite | |
12 | * Fixed: Password field not styled correctly on alternative stylesheet |
|
12 | * Fixed: Password field not styled correctly on alternative stylesheet | |
13 | * Fixed: Error when sumbitting a POST request that requires a login |
|
13 | * Fixed: Error when sumbitting a POST request that requires a login | |
|
14 | * Fixed: CSRF vulnerabilities | |||
14 |
|
15 | |||
15 | == 2009-11-04 v0.8.6 |
|
16 | == 2009-11-04 v0.8.6 | |
16 |
|
17 |