@@ -7,7 +7,8 class CommentsController < ApplicationController | |||
|
7 | 7 | |
|
8 | 8 | verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed } |
|
9 | 9 | def create |
|
10 |
@comment = Comment.new |
|
|
10 | @comment = Comment.new | |
|
11 | @comment.safe_attributes = params[:comment] | |
|
11 | 12 | @comment.author = User.current |
|
12 | 13 | if @news.comments << @comment |
|
13 | 14 | flash[:notice] = l(:label_comment_added) |
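Review bot: Nothing visible here tests the new `@comment.safe_attributes = params[:comment]` line in `create`, so the property this change exists to guarantee is unpinned: a request carrying keys other than `comments` must leave those attributes untouched. A functional test that posts a `:comment` hash with one extra, non-whitelisted key and asserts the saved record ignores it would cover this. The behaviour when `params[:comment]` is absent or not a hash is decided inside `Redmine::SafeAttributes`, which is not shown, so it is worth confirming that the setter tolerates both. The body of `create` continues past the end of this hunk.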
@@ -16,8 +16,11 | |||
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
17 | 17 | |
|
18 | 18 | class Comment < ActiveRecord::Base |
|
19 | include Redmine::SafeAttributes | |
|
19 | 20 | belongs_to :commented, :polymorphic => true, :counter_cache => true |
|
20 | 21 | belongs_to :author, :class_name => 'User', :foreign_key => 'author_id' |
|
21 | 22 | |
|
22 | 23 | validates_presence_of :commented, :author, :comments |
|
24 | ||
|
25 | safe_attributes 'comments' | |
|
23 | 26 | end |
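Review bot: The `safe_attributes 'comments'` declaration only filters input that is assigned through `safe_attributes=`. Nothing in this hunk prevents a later caller from going back to `Comment.new(params[:comment])` or `attributes=` and setting `author_id` or the polymorphic `commented` columns from request data. I would document the contract directly above the declaration, for example `# Assign request parameters via safe_attributes= only; 'comments' is the sole user-settable field, author and commented are set by the caller.` If the codebase has other places that build a Comment from params, they need the same treatment; none are visible on this page.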