##// END OF EJS Templates
jro_apps » redmine
RSS
Don't check that params[:settings] is a Hash....
Jean-Philippe Lang -
r15347:fcd8ace743b8
parent child
Show More
Side by Side Unified
Context file:
r15347:fcd8ace743b8 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,73 +1,74
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class SettingsController < ApplicationController
18 class SettingsController < ApplicationController
19 layout 'admin'
19 layout 'admin'
20 menu_item :plugins, :only => :plugin
20 menu_item :plugins, :only => :plugin
21
21
22 helper :queries
22 helper :queries
23
23
24 before_action :require_admin
24 before_action :require_admin
25
25
26 require_sudo_mode :index, :edit, :plugin
26 require_sudo_mode :index, :edit, :plugin
27
27
28 def index
28 def index
29 edit
29 edit
30 render :action => 'edit'
30 render :action => 'edit'
31 end
31 end
32
32
33 def edit
33 def edit
34 @notifiables = Redmine::Notifiable.all
34 @notifiables = Redmine::Notifiable.all
35 if request.post? && params[:settings] && params[:settings].is_a?(Hash)
35 if request.post?
36 Setting.set_all_from_params(params[:settings])
36 if Setting.set_all_from_params(params[:settings])
37 flash[:notice] = l(:notice_successful_update)
37 flash[:notice] = l(:notice_successful_update)
38 end
38 redirect_to settings_path(:tab => params[:tab])
39 redirect_to settings_path(:tab => params[:tab])
39 else
40 else
40 @options = {}
41 @options = {}
41 user_format = User::USER_FORMATS.collect{|key, value| [key, value[:setting_order]]}.sort{|a, b| a[1] <=> b[1]}
42 user_format = User::USER_FORMATS.collect{|key, value| [key, value[:setting_order]]}.sort{|a, b| a[1] <=> b[1]}
42 @options[:user_format] = user_format.collect{|f| [User.current.name(f[0]), f[0].to_s]}
43 @options[:user_format] = user_format.collect{|f| [User.current.name(f[0]), f[0].to_s]}
43 @deliveries = ActionMailer::Base.perform_deliveries
44 @deliveries = ActionMailer::Base.perform_deliveries
44
45
45 @guessed_host_and_path = request.host_with_port.dup
46 @guessed_host_and_path = request.host_with_port.dup
46 @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
47 @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
47
48
48 @commit_update_keywords = Setting.commit_update_keywords.dup
49 @commit_update_keywords = Setting.commit_update_keywords.dup
49 @commit_update_keywords = [{}] unless @commit_update_keywords.is_a?(Array) && @commit_update_keywords.any?
50 @commit_update_keywords = [{}] unless @commit_update_keywords.is_a?(Array) && @commit_update_keywords.any?
50
51
51 Redmine::Themes.rescan
52 Redmine::Themes.rescan
52 end
53 end
53 end
54 end
54
55
55 def plugin
56 def plugin
56 @plugin = Redmine::Plugin.find(params[:id])
57 @plugin = Redmine::Plugin.find(params[:id])
57 unless @plugin.configurable?
58 unless @plugin.configurable?
58 render_404
59 render_404
59 return
60 return
60 end
61 end
61
62
62 if request.post?
63 if request.post?
63 Setting.send "plugin_#{@plugin.id}=", params[:settings]
64 Setting.send "plugin_#{@plugin.id}=", params[:settings].permit!.to_h
64 flash[:notice] = l(:notice_successful_update)
65 flash[:notice] = l(:notice_successful_update)
65 redirect_to plugin_settings_path(@plugin)
66 redirect_to plugin_settings_path(@plugin)
66 else
67 else
67 @partial = @plugin.settings[:partial]
68 @partial = @plugin.settings[:partial]
68 @settings = Setting.send "plugin_#{@plugin.id}"
69 @settings = Setting.send "plugin_#{@plugin.id}"
69 end
70 end
70 rescue Redmine::PluginNotFound
71 rescue Redmine::PluginNotFound
71 render_404
72 render_404
72 end
73 end
73 end
74 end
General Comments 0
You need to be logged in to leave comments. Login now