diff options
| author | blackst0ne <blackst0ne.ru@gmail.com> | 2018-04-08 07:35:30 +0300 |
|---|---|---|
| committer | blackst0ne <blackst0ne.ru@gmail.com> | 2018-04-08 07:35:30 +0300 |
| commit | eddf3febd7e78a442a0b2fbd36d7b92ba769f4a5 (patch) | |
| tree | 17ce078c15b18cf28a2c0e65afae1411935168cf /app/controllers | |
| parent | dd552d06f6e39d5e6138a33bd7c1bffb2d3dbb1d (diff) | |
[Rails5] Add `safe_params` helper
Rails 5.0 requires to explicitly permit attributes when building a URL
using current `params` object.
The `safe_params` helper allows developers to just call `safe_params.merge(...)`
instead of manually adding `permit` to every call.
https://github.com/rails/rails/pull/20868
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/application_controller.rb | 1 | ||||
| -rw-r--r-- | app/controllers/dashboard/todos_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/groups_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/projects_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/users_controller.rb | 2 |
5 files changed, 5 insertions, 4 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 24651dd392c..0fdd4d2cb47 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,6 +5,7 @@ class ApplicationController < ActionController::Base include Gitlab::GonHelper include GitlabRoutingHelper include PageLayoutHelper + include SafeParamsHelper include SentryHelper include WorkhorseHelper include EnforcesTwoFactorAuthentication diff --git a/app/controllers/dashboard/todos_controller.rb b/app/controllers/dashboard/todos_controller.rb index e89eaf7edda..f9e8fe624e8 100644 --- a/app/controllers/dashboard/todos_controller.rb +++ b/app/controllers/dashboard/todos_controller.rb @@ -86,7 +86,7 @@ class Dashboard::TodosController < Dashboard::ApplicationController out_of_range = todos.current_page > total_pages if out_of_range - redirect_to url_for(params.merge(page: total_pages, only_path: true)) + redirect_to url_for(safe_params.merge(page: total_pages, only_path: true)) end out_of_range diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 283c3e5f1e0..a03612b9916 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -187,6 +187,6 @@ class GroupsController < Groups::ApplicationController params[:id] = group.to_param - url_for(params) + url_for(safe_params) end end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 37f14230196..a93b116c6fe 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -404,7 +404,7 @@ class ProjectsController < Projects::ApplicationController params[:namespace_id] = project.namespace.to_param params[:id] = project.to_param - url_for(params) + url_for(safe_params) end def project_export_enabled diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 956df4a0a16..31f47a7aa7c 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -146,6 +146,6 @@ class UsersController < ApplicationController end def build_canonical_path(user) - url_for(params.merge(username: user.to_param)) + url_for(safe_params.merge(username: user.to_param)) end end |