cafe-grader-web Commit - r637:d56b2e7de528

cafe-grader-web

parent | child

Description:

NEED TESTING move to stronger parameter for xxx.new(params[

Commit status:

[Not Reviewed]

References:

java

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r637:d56b2e7de528 - Wed, 25 Jan 2017 10:06:16 - 4 files changed: 10 inserted, 6 deleted

app/controllers/announcements_controller.rb ¶ +1 -1

                 # POST /announcements
                 # POST /announcements.xml
                 def create
-            -     @announcement = Announcement.new(params[:announcement])
+            +     @announcement = Announcement.new(announcement_params)
                   respond_to do |format|
                     if @announcement.save

app/controllers/problems_controller.rb ¶ +2 -2

                 end
                 def create
-            -     @problem = Problem.new(params[:problem])
+            +     @problem = Problem.new(problem_params)
                   @description = Description.new(params[:description])
                   if @description.body!=''
                     if !@description.save
                 end
                 def quick_create
-            -     @problem = Problem.new(params[:problem])
+            +     @problem = Problem.new(problem_params)
                   @problem.full_name = @problem.name if @problem.full_name == ''
                   @problem.full_score = 100
                   @problem.available = false

app/controllers/user_admin_controller.rb ¶ +1 -1

                 end
                 def create
-            -     @user = User.new(params[:user])
+            +     @user = User.new(user_params)
                   @user.activated = true
                   if @user.save
                     flash[:notice] = 'User was successfully created.'

app/controllers/users_controller.rb ¶ +6 -2

                     redirect_to :controller => 'main', :action => 'login'
                     return
                   end
-            -     @user = User.new(params[:user])
+            +     @user = User.new(user_params)
                   @user.password_confirmation = @user.password = User.random_password
                   @user.activated = false
                   if (@user.valid?) and (@user.save)
                   #finally, we allow only admin
                   admin_authorization
                 end
+            -
+            +
+            +   private
+            +     def user_params
+            +       params.require(:user).permit(:login, :full_name, :email)
+            +     end
               end

You need to be logged in to leave comments. Login now

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings