nested tab attributes are safe, one cannot fake project_id, nor wiki_id

pull/41/head
Martin Linkhorst 13 years ago
parent fa26c9ceee
commit 284f689bd7
  1. 2
      app/models/wiki.rb

@ -25,7 +25,7 @@ class Wiki < ActiveRecord::Base
validates_presence_of :start_page validates_presence_of :start_page
validates_format_of :start_page, :with => /^[^,\.\/\?\;\|\:]*$/ validates_format_of :start_page, :with => /^[^,\.\/\?\;\|\:]*$/
safe_attributes 'start_page' safe_attributes 'start_page', 'tabs_attributes'
def visible?(user=User.current) def visible?(user=User.current)
!user.nil? && user.allowed_to?(:view_wiki_pages, project) !user.nil? && user.allowed_to?(:view_wiki_pages, project)

Loading…
Cancel
Save