@@ -118,12 +118,12 class TimelogController < ApplicationController | |||
|
118 | 118 | |
|
119 | 119 | def new |
|
120 | 120 | @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today) |
|
121 | @time_entry.attributes = params[:time_entry] | |
|
121 | @time_entry.safe_attributes = params[:time_entry] | |
|
122 | 122 | end |
|
123 | 123 | |
|
124 | 124 | def create |
|
125 | 125 | @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today) |
|
126 | @time_entry.attributes = params[:time_entry] | |
|
126 | @time_entry.safe_attributes = params[:time_entry] | |
|
127 | 127 | |
|
128 | 128 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
129 | 129 | |
@@ -152,11 +152,11 class TimelogController < ApplicationController | |||
|
152 | 152 | end |
|
153 | 153 | |
|
154 | 154 | def edit |
|
155 | @time_entry.attributes = params[:time_entry] | |
|
155 | @time_entry.safe_attributes = params[:time_entry] | |
|
156 | 156 | end |
|
157 | 157 | |
|
158 | 158 | def update |
|
159 | @time_entry.attributes = params[:time_entry] | |
|
159 | @time_entry.safe_attributes = params[:time_entry] | |
|
160 | 160 | |
|
161 | 161 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
162 | 162 | |
@@ -187,7 +187,7 class TimelogController < ApplicationController | |||
|
187 | 187 | unsaved_time_entry_ids = [] |
|
188 | 188 | @time_entries.each do |time_entry| |
|
189 | 189 | time_entry.reload |
|
190 | time_entry.attributes = attributes | |
|
190 | time_entry.safe_attributes = attributes | |
|
191 | 191 | call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry }) |
|
192 | 192 | unless time_entry.save |
|
193 | 193 | # Keep unsaved time_entry ids to display them in flash error |
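Review bot: No regression test is visible for the five `safe_attributes=` call sites (`new`, `create`, `edit`, `update` and the bulk loop at line 190), so nothing pins the behaviour that a submitted key outside the model's whitelist is dropped. A functional test that submits an extra key such as `time_entry[user_id]` and asserts the saved entry still belongs to `User.current` would cover it, assuming the model has that column, as the `:user =>` argument in `new` suggests. The `call_hook` calls at lines 128, 161 and 191 still pass the raw `params` to plugins, so a comment like `# params is unfiltered; hooks must assign through safe_attributes=` above them would help plugin authors keep the filter in place. In the bulk hunk `attributes` is built outside the visible lines, and the bodies of `create`, `update` and the bulk action continue past their hunks.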
@@ -16,6 +16,7 | |||
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
17 | 17 | |
|
18 | 18 | class TimeEntry < ActiveRecord::Base |
|
19 | include Redmine::SafeAttributes | |
|
19 | 20 | # could have used polymorphic association |
|
20 | 21 | # project association here allows easy loading of time entries at project level with one database trip |
|
21 | 22 | belongs_to :project |
@@ -65,6 +66,8 class TimeEntry < ActiveRecord::Base | |||
|
65 | 66 | end |
|
66 | 67 | } |
|
67 | 68 | |
|
69 | safe_attributes 'hours', 'comments', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values' | |
|
70 | ||
|
68 | 71 | def initialize(attributes=nil, *args) |
|
69 | 72 | super |
|
70 | 73 | if new_record? && self.activity.nil? |
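Review bot: The `safe_attributes` declaration at new line 69 whitelists `issue_id` unconditionally, and nothing in the visible lines checks that the chosen issue belongs to the entry's project or is visible to the submitting user. If `TimeEntry` does not already validate this outside the hunk, add a check such as `errors.add :issue_id, :invalid if issue && issue.project != project`, or make that attribute conditional with the `:if` option of `safe_attributes`. A comment above the declaration, for example `# Attributes settable from request params; project and user are assigned by the controller`, would record why those two are deliberately left out.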