Revision 16791
Added by Jean-Philippe Lang almost 8 years ago
sandbox/rails-5.1/app/models/issue.rb | ||
---|---|---|
511 | 511 |
# attr_accessible is too rough because we still want things like |
512 | 512 |
# Issue.new(:project => foo) to work |
513 | 513 |
def safe_attributes=(attrs, user=User.current) |
514 |
if attrs.respond_to?(:to_unsafe_hash) |
|
515 |
attrs = attrs.to_unsafe_hash |
|
516 |
end |
|
517 |
|
|
514 | 518 |
@attributes_set_by = user |
515 | 519 |
return unless attrs.is_a?(Hash) |
516 | 520 |
|
... | ... | |
585 | 589 |
attrs['custom_fields'].select! {|c| editable_custom_field_ids.include?(c['id'].to_s)} |
586 | 590 |
end |
587 | 591 |
|
588 |
# mass-assignment security bypass |
|
589 |
assign_attributes attrs, :without_protection => true |
|
592 |
assign_attributes attrs |
|
590 | 593 |
end |
591 | 594 |
|
592 | 595 |
def disabled_core_fields |
sandbox/rails-5.1/app/models/issue_relation.rb | ||
---|---|---|
81 | 81 |
'issue_to_id' |
82 | 82 |
|
83 | 83 |
def safe_attributes=(attrs, user=User.current) |
84 |
if attrs.respond_to?(:to_unsafe_hash) |
|
85 |
attrs = attrs.to_unsafe_hash |
|
86 |
end |
|
87 |
|
|
84 | 88 |
return unless attrs.is_a?(Hash) |
85 | 89 |
attrs = attrs.deep_dup |
86 | 90 |
|
sandbox/rails-5.1/app/models/project.rb | ||
---|---|---|
774 | 774 |
:if => lambda {|project, user| project.parent.nil? || project.parent.visible?(user)} |
775 | 775 |
|
776 | 776 |
def safe_attributes=(attrs, user=User.current) |
777 |
if attrs.respond_to?(:to_unsafe_hash) |
|
778 |
attrs = attrs.to_unsafe_hash |
|
779 |
end |
|
780 |
|
|
777 | 781 |
return unless attrs.is_a?(Hash) |
778 | 782 |
attrs = attrs.deep_dup |
779 | 783 |
|
sandbox/rails-5.1/app/models/wiki_page.rb | ||
---|---|---|
79 | 79 |
end |
80 | 80 |
|
81 | 81 |
def safe_attributes=(attrs, user=User.current) |
82 |
if attrs.respond_to?(:to_unsafe_hash) |
|
83 |
attrs = attrs.to_unsafe_hash |
|
84 |
end |
|
85 |
|
|
82 | 86 |
return unless attrs.is_a?(Hash) |
83 | 87 |
attrs = attrs.deep_dup |
84 | 88 |
|
sandbox/rails-5.1/config/environments/test.rb | ||
---|---|---|
30 | 30 |
config.redmine_verify_sessions = false |
31 | 31 |
|
32 | 32 |
# Print deprecation notices to stderr and the Rails logger. |
33 |
config.active_support.deprecation = [:stderr, :log]
|
|
33 |
config.active_support.deprecation = [:log] |
|
34 | 34 |
|
35 | 35 |
config.secret_key_base = 'a secret token for running the tests' |
36 | 36 |
|
sandbox/rails-5.1/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb | ||
---|---|---|
68 | 68 |
end |
69 | 69 |
|
70 | 70 |
def save_attachments(attachments, author=User.current) |
71 |
if attachments.respond_to?(:to_unsafe_hash) |
|
72 |
attachments = attachments.to_unsafe_hash |
|
73 |
end |
|
74 |
|
|
71 | 75 |
if attachments.is_a?(Hash) |
72 | 76 |
attachments = attachments.stringify_keys |
73 | 77 |
attachments = attachments.to_a.sort {|a, b| |
sandbox/rails-5.1/lib/redmine/safe_attributes.rb | ||
---|---|---|
80 | 80 |
# Sets attributes from attrs that are safe |
81 | 81 |
# attrs is a Hash with string keys |
82 | 82 |
def safe_attributes=(attrs, user=User.current) |
83 |
if attrs.respond_to?(:to_unsafe_hash) |
|
84 |
attrs = attrs.to_unsafe_hash |
|
85 |
end |
|
86 |
|
|
83 | 87 |
return unless attrs.is_a?(Hash) |
84 | 88 |
self.attributes = delete_unsafe_attributes(attrs, user) |
85 | 89 |
end |
Also available in: Unified diff
safe_attributes= takes a Hash.