# HG changeset patch # User Jittat Fakcharoenphol # Date 2012-10-01 07:16:34 # Node ID 6490fd9a1f54c1b0909893d0f3e0b1818c3a6fe1 # Parent c31111f6e4b586c5c526f4c769b4a8074d1b38a3 fixed form_tag/form_for, disabled attributes whitelist diff --git a/app/controllers/main_controller.rb b/app/controllers/main_controller.rb --- a/app/controllers/main_controller.rb +++ b/app/controllers/main_controller.rb @@ -58,7 +58,8 @@ def submit user = User.find(session[:user_id]) - @submission = Submission.new(params[:submission]) + @submission = Submission.new + @submission.problem_id = params[:submission][:problem_id] @submission.user = user @submission.language_id = 0 if (params['file']) and (params['file']!='') diff --git a/app/views/graders/list.html.haml b/app/views/graders/list.html.haml --- a/app/views/graders/list.html.haml +++ b/app/views/graders/list.html.haml @@ -11,16 +11,16 @@ .item Grader control: .item - - form_for :clear, nil, :url => {:action => 'start_grading'} do |f| + = form_for :clear, nil, :url => {:action => 'start_grading'} do |f| = submit_tag 'Start graders in grading env' .item - - form_for :clear, nil, :url => {:action => 'start_exam'} do |f| + = form_for :clear, nil, :url => {:action => 'start_exam'} do |f| = submit_tag 'Start graders in exam env' .item - - form_for :clear, nil, :url => {:action => 'stop_all'} do |f| + = form_for :clear, nil, :url => {:action => 'stop_all'} do |f| = submit_tag 'Stop all running graders' .item - - form_for :clear, nil, :url => {:action => 'clear_all'} do |f| + = form_for :clear, nil, :url => {:action => 'clear_all'} do |f| = submit_tag 'Clear all data' %br{:style => 'clear:both'}/ @@ -45,7 +45,7 @@ %h2 Terminated graders -- form_for :clear, nil, :url => {:action => 'clear_terminated'} do |f| += form_for :clear, nil, :url => {:action => 'clear_terminated'} do |f| = submit_tag 'Clear data for terminated graders' = render :partial => 'grader_list', :locals => {:grader_list => @terminated_processes} 
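Review bot: In `submit`, the new line `@submission.problem_id = params[:submission][:problem_id]` raises NoMethodError when a request arrives without a `submission` key, since `params[:submission]` is then nil. A crafted or truncated POST would therefore produce a 500 instead of a validation error. A tolerant read such as `@submission.problem_id = (params[:submission] || {})[:problem_id]` lets the model's own validation reject the missing value. Nothing visible in the hunk checks that the posted `problem_id` refers to a problem this user may submit to. The body of `submit` continues outside the hunk, so that check may exist further down and is worth confirming.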
diff --git a/app/views/main/confirm_contest_start.html.haml b/app/views/main/confirm_contest_start.html.haml --- a/app/views/main/confirm_contest_start.html.haml +++ b/app/views/main/confirm_contest_start.html.haml @@ -12,5 +12,5 @@ =t 'main.confirm_contest_start.timer_starts_after_click' - - form_tag :action => 'confirm_contest_start', :method => 'post' do + = form_tag :action => 'confirm_contest_start', :method => 'post' do = submit_tag t('main.confirm_contest_start.start_button'), :confirm => t('main.confirm_contest_start.start_button_confirm') diff --git a/app/views/messages/list.html.haml b/app/views/messages/list.html.haml --- a/app/views/messages/list.html.haml +++ b/app/views/messages/list.html.haml @@ -14,7 +14,7 @@ (4) **INVALID QUESTION**, and (5) **NO COMMENT**. -- form_for 'message', nil, :url => { :action => 'create'} do |f| += form_for 'message', nil, :url => { :action => 'create'} do |f| %p %b New clarification request = submit_tag "Post" diff --git a/app/views/messages/show.html.haml b/app/views/messages/show.html.haml --- a/app/views/messages/show.html.haml +++ b/app/views/messages/show.html.haml @@ -6,7 +6,7 @@ .body= simple_format(@message.body) %h3 Your reply: -- form_for 'r_message', nil, :url => { :action => 'reply'} do |f| += form_for 'r_message', nil, :url => { :action => 'reply'} do |f| = f.text_area :body, :rows => 5, :cols => 100 = f.hidden_field :receiver_id, {:value => @message.sender_id } = f.hidden_field :replying_message_id, {:value => @message.id } diff --git a/app/views/problems/import.html.haml b/app/views/problems/import.html.haml --- a/app/views/problems/import.html.haml +++ b/app/views/problems/import.html.haml @@ -9,7 +9,7 @@ - if @problem and @problem.errors =error_messages_for 'problem' -- form_tag({:action => 'do_import'}, :multipart => true) do += form_tag({:action => 'do_import'}, :multipart => true) do .submitbox %table %tr diff --git a/app/views/problems/manage.html.haml b/app/views/problems/manage.html.haml 
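Review bot: In `confirm_contest_start.html.haml` the changed line passes `:method => 'post'` inside the same brace-less hash as `:action`, so it reaches `form_tag` as part of the URL options and not as the form's options. The form still posts because POST is the default, but the generated action URL will likely carry a stray `method=post` query parameter and the intent is not expressed. I would write `= form_tag({:action => 'confirm_contest_start'}, :method => 'post') do`, matching the braces already used in `problems/import.html.haml`. The same applies to the `chg_passwd` form in `users/index.html.haml`.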
--- a/app/views/problems/manage.html.haml +++ b/app/views/problems/manage.html.haml @@ -6,7 +6,7 @@ %p= link_to '[Back to problem list]', :action => 'list' -- form_tag :action=>'do_manage' do += form_tag :action=>'do_manage' do .submitbox What do you want to do? %br/ diff --git a/app/views/site/login.html.haml b/app/views/site/login.html.haml --- a/app/views/site/login.html.haml +++ b/app/views/site/login.html.haml @@ -15,7 +15,7 @@ %h2 For Site Administrator. - if @default_site - - form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f| + = form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f| %b Log in for default site. = f.hidden_field :site_id, :value => @default_site.id %br/ @@ -25,7 +25,7 @@ - else Please select your country and site and login. - - form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f| + = form_for :login, nil, :url => {:controller => 'login', :action => 'site_login'} do |f| Country: = select :site_country, :id, @country_select_with_all, {}, {:onchange => "updateSiteList();", :onclick => "updateSiteList();" } Site: diff --git a/app/views/site/prompt.html.haml b/app/views/site/prompt.html.haml --- a/app/views/site/prompt.html.haml +++ b/app/views/site/prompt.html.haml @@ -11,7 +11,7 @@ %br/ %br/ -- form_tag :action => 'start' do += form_tag :action => 'start' do When you're ready, you can click the button below to start the contest. %br/ Please make sure that the contestants are ready. diff --git a/app/views/test/index.html.erb b/app/views/test/index.html.erb --- a/app/views/test/index.html.erb +++ b/app/views/test/index.html.erb @@ -40,7 +40,7 @@ <% if GraderConfiguration.show_submitbox_to?(@user) and GraderConfiguration.allow_test_request(@user) %>
<%= error_messages_for 'submitted_test_request' %> - <% form_for :test_request, nil, + <%= form_for :test_request, nil, :url => { :action => 'submit'}, :html => { :multipart => true } do |f| %> diff --git a/app/views/user_admin/admin.html.haml b/app/views/user_admin/admin.html.haml --- a/app/views/user_admin/admin.html.haml +++ b/app/views/user_admin/admin.html.haml @@ -16,7 +16,7 @@ = link_to '[revoke]', :action => 'revoke_admin', :id => user.id %hr -- form_tag :action => 'grant_admin' do += form_tag :action => 'grant_admin' do Grant admin permission to: = text_field_tag 'login' = submit_tag 'Grant' diff --git a/app/views/user_admin/contest_management.html.haml b/app/views/user_admin/contest_management.html.haml --- a/app/views/user_admin/contest_management.html.haml +++ b/app/views/user_admin/contest_management.html.haml @@ -1,6 +1,6 @@ %h1 Bulk edit users in contests -- form_tag :action => 'manage_contest' do += form_tag :action => 'manage_contest' do List users' login below; one per line. %br/ = text_area_tag 'login_list', nil, :rows => 23, :cols => 80 diff --git a/app/views/user_admin/mass_mailing.html.haml b/app/views/user_admin/mass_mailing.html.haml --- a/app/views/user_admin/mass_mailing.html.haml +++ b/app/views/user_admin/mass_mailing.html.haml @@ -1,6 +1,6 @@ %h1 Send mass e-mails -- form_tag :action => 'bulk_mail' do += form_tag :action => 'bulk_mail' do %b List recipients' login below; one per line. %br/ = text_area_tag 'login_list', nil, :rows => 7, :cols => 80 diff --git a/app/views/users/forget.html.haml b/app/views/users/forget.html.haml --- a/app/views/users/forget.html.haml +++ b/app/views/users/forget.html.haml @@ -9,7 +9,7 @@ %br/ -- form_tag :action => 'retrieve_password' do += form_tag :action => 'retrieve_password' do =t 'registration.password_retrieval.instructions' = text_field 'email', nil, :size => 20 %br/ diff --git a/app/views/users/index.html.haml b/app/views/users/index.html.haml --- a/app/views/users/index.html.haml 
+++ b/app/views/users/index.html.haml @@ -24,7 +24,7 @@ %tr %th.uinfo Password %td.uinfo - - form_tag :action => 'chg_passwd', :method => 'post' do + = form_tag :action => 'chg_passwd', :method => 'post' do %table %tr %td= password_field_tag 'passwd' diff --git a/app/views/users/new.html.haml b/app/views/users/new.html.haml --- a/app/views/users/new.html.haml +++ b/app/views/users/new.html.haml @@ -8,7 +8,7 @@ = error_messages_for :user, :header_message => (t 'registration.errors.header') %table - - form_for :user, @user, :url => { :action => 'register' } do |f| + = form_for :user, @user, :url => { :action => 'register' } do |f| %tr %td{:align => "right"} = "#{t 'login_label'}:" diff --git a/config/application.rb b/config/application.rb --- a/config/application.rb +++ b/config/application.rb @@ -51,7 +51,7 @@ # This will create an empty whitelist of attributes available for mass-assignment for all models # in your app. As such, your models will need to explicitly whitelist or blacklist accessible # parameters by using an attr_accessible or attr_protected declaration. - config.active_record.whitelist_attributes = true + config.active_record.whitelist_attributes = false # Enable the asset pipeline config.assets.enabled = false
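Review bot: Setting `config.active_record.whitelist_attributes = false` in `config/application.rb` removes the default-deny on mass assignment for every model, so any model without its own `attr_accessible` or `attr_protected` will accept every column from a params hash. The controllers behind the forms touched in this commit are not visible here. The handlers for `users/new.html.haml` (`register`) and `messages/show.html.haml` (`reply`, which posts client-editable hidden `receiver_id` and `replying_message_id` fields) are the first ones to check for `Model.new(params[...])`. I would keep the setting at `true` and add `attr_accessible` lists to the models that take form input, or assign fields one by one as `submit` now does for `problem_id`. If the setting does stay off, the comment above it should say so, for example `# Whitelist disabled: every model must declare attr_accessible/attr_protected itself`, because the existing text still describes the `true` behaviour.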