Use safe_attributes....
Jean-Philippe Lang -
r15287:dca56a0350c3
@@ -31,13 +31,15 class TrackersController < ApplicationController
31 31 end
32 32
33 33 def new
34 @tracker ||= Tracker.new(params[:tracker])
34 @tracker ||= Tracker.new
35 @tracker.safe_attributes = params[:tracker]
35 36 @trackers = Tracker.sorted.to_a
36 37 @projects = Project.all
37 38 end
38 39
39 40 def create
40 @tracker = Tracker.new(params[:tracker])
41 @tracker = Tracker.new
42 @tracker.safe_attributes = params[:tracker]
41 43 if @tracker.save
42 44 # workflow copy
43 45 if !params[:copy_workflow_from].blank? && (copy_from = Tracker.find_by_id(params[:copy_workflow_from]))
@@ -58,7 +60,8 class TrackersController < ApplicationController
58 60
59 61 def update
60 62 @tracker = Tracker.find(params[:id])
61 if @tracker.update_attributes(params[:tracker])
63 @tracker.safe_attributes = params[:tracker]
64 if @tracker.save
62 65 respond_to do |format|
63 66 format.html {
64 67 flash[:notice] = l(:notice_successful_update)
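Review bot: In `new` (new line 35) `@tracker.safe_attributes = params[:tracker]` now runs on every request, and a plain GET to the form carries no `tracker` parameter, so the call receives nil where the previous `Tracker.new(params[:tracker])` tolerated it; whether that is safe depends on `safe_attributes=` ignoring a non-Hash argument, which is not visible in this hunk. If it does not, the one-line guard `@tracker.safe_attributes = params[:tracker] if params[:tracker]` keeps the form rendering. The same pattern in `create` (new line 42) is only reached from a POST where the parameter is expected, and `create`'s body continues past the end of the hunk.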
@@ -16,6 +16,7
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class Tracker < ActiveRecord::Base
19 include Redmine::SafeAttributes
19 20
20 21 CORE_FIELDS_UNDISABLABLE = %w(project_id tracker_id subject description priority_id is_private).freeze
21 22 # Fields that can be disabled
@@ -69,6 +70,14 class Tracker < ActiveRecord::Base
69 70 joins(:projects).where(condition).distinct
70 71 }
71 72
73 safe_attributes 'name',
74 'default_status_id',
75 'is_in_roadmap',
76 'core_fields',
77 'position',
78 'custom_field_ids',
79 'project_ids'
80
72 81 def to_s; name end
73 82
74 83 def <=>(tracker)
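Review bot: The `safe_attributes` declaration at new lines 73–79 has no comment stating its role, although after this commit it is the only filter between `params[:tracker]` and the Tracker columns, and it carries no `:if` condition, so every listed attribute — including `project_ids` and `custom_field_ids` — is assignable by any caller that reaches `safe_attributes=`; presumably that is acceptable because tracker management is admin-only, but the list should say so. I would add, above `safe_attributes 'name',`, the comment `# Mass-assignment allowlist applied by TrackersController via safe_attributes=; there is no :if restriction, so every entry is assignable by whoever reaches that controller — add new columns here deliberately.` The `<=>` method on the hunk's last line continues outside the hunk.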