@@ -105,7 +105,7 class TimelogController < ApplicationController | |||
|
105 | 105 | |
|
106 | 106 | def new |
|
107 | 107 | @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today) |
|
108 | @time_entry.attributes = params[:time_entry] | |
|
108 | @time_entry.safe_attributes = params[:time_entry] | |
|
109 | 109 | |
|
110 | 110 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
111 | 111 | render :action => 'edit' |
@@ -114,7 +114,7 class TimelogController < ApplicationController | |||
|
114 | 114 | verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed } |
|
115 | 115 | def create |
|
116 | 116 | @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today) |
|
117 | @time_entry.attributes = params[:time_entry] | |
|
117 | @time_entry.safe_attributes = params[:time_entry] | |
|
118 | 118 | |
|
119 | 119 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
120 | 120 | |
@@ -135,14 +135,14 class TimelogController < ApplicationController | |||
|
135 | 135 | end |
|
136 | 136 | |
|
137 | 137 | def edit |
|
138 | @time_entry.attributes = params[:time_entry] | |
|
138 | @time_entry.safe_attributes = params[:time_entry] | |
|
139 | 139 | |
|
140 | 140 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
141 | 141 | end |
|
142 | 142 | |
|
143 | 143 | verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed } |
|
144 | 144 | def update |
|
145 | @time_entry.attributes = params[:time_entry] | |
|
145 | @time_entry.safe_attributes = params[:time_entry] | |
|
146 | 146 | |
|
147 | 147 | call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry }) |
|
148 | 148 | |
@@ -173,7 +173,7 class TimelogController < ApplicationController | |||
|
173 | 173 | unsaved_time_entry_ids = [] |
|
174 | 174 | @time_entries.each do |time_entry| |
|
175 | 175 | time_entry.reload |
|
176 | time_entry.attributes = attributes | |
|
176 | time_entry.safe_attributes = attributes | |
|
177 | 177 | call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry }) |
|
178 | 178 | unless time_entry.save |
|
179 | 179 | # Keep unsaved time_entry ids to display them in flash error |
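Review bot: The switch to `@time_entry.safe_attributes = params[:time_entry]` in new, create, edit and update (and `time_entry.safe_attributes = attributes` in the bulk loop) is only as strong as the model's whitelist, and nothing in these hunks records that project and user are deliberately taken from the controller context rather than from params; a comment at the first assignment, `# Mass assignment goes through TimeEntry's safe_attributes whitelist; project and user come from the controller context, never from params`, would keep a later maintainer from reverting it to `attributes=`. Each `call_hook` still hands the raw `params` hash to `controller_timelog_edit_before_save` / `controller_time_entries_bulk_edit_before_save`, so a plugin that copies `params[:time_entry]` straight onto the record would bypass the new filter; if the hook contract does not already say that hooks must not mass-assign from params, it should. The `attributes` variable used in the bulk hunk is built before old line 173, outside this hunk, so whether it too is derived from `params[:time_entry]` cannot be confirmed here; the create, update and bulk_update bodies also continue past their hunks.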
@@ -16,6 +16,7 | |||
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
17 | 17 | |
|
18 | 18 | class TimeEntry < ActiveRecord::Base |
|
19 | include Redmine::SafeAttributes | |
|
19 | 20 | # could have used polymorphic association |
|
20 | 21 | # project association here allows easy loading of time entries at project level with one database trip |
|
21 | 22 | belongs_to :project |
@@ -46,6 +47,8 class TimeEntry < ActiveRecord::Base | |||
|
46 | 47 | :conditions => Project.allowed_to_condition(args.shift || User.current, :view_time_entries, *args) |
|
47 | 48 | }} |
|
48 | 49 | |
|
50 | safe_attributes 'hours', 'comments', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values' | |
|
51 | ||
|
49 | 52 | def after_initialize |
|
50 | 53 | if new_record? && self.activity.nil? |
|
51 | 54 | if default_activity = TimeEntryActivity.default |
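Review bot: The `safe_attributes 'hours', 'comments', 'issue_id', 'activity_id', 'spent_on', 'custom_field_values'` declaration carries no `:if` condition, so the same attribute set is writable by every user who reaches a timelog action, and `issue_id` in particular lets a caller re-point an entry at any issue id; that is only safe if a validation elsewhere in the model rejects an issue outside the entry's project, which this hunk does not show and which is worth confirming. The absence of `project_id` and `user_id` from the list is the substance of the protection and deserves a comment above the declaration, e.g. `# project_id and user_id are intentionally absent: they are set from the controller context and must never be mass-assigned`. `after_initialize` continues past the end of the hunk.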