diff --git a/app/models/issue.rb b/app/models/issue.rb
index 626b6667e3..bffb611fa8 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -121,7 +121,9 @@ class Issue < ActiveRecord::Base
 def copy_from(arg)
 issue = arg.is_a?(Issue) ? arg : Issue.visible.find(arg)
- self.force_attributes = issue.attributes.dup.except("id", "root_id", "parent_id", "lft", "rgt", "created_on", "updated_on")
+ # project_id is protected from mass-assignment
+ self.attributes = issue.attributes.dup.except("id", "root_id", "parent_id", "lft", "rgt", "created_on", "updated_on", "project_id")
+ self.project_id = issue.attributes['project_id']
 self.custom_field_values = issue.custom_field_values.inject({}) {|h,v| h[v.custom_field_id] = v.value; h}
 self.status = issue.status
 self
diff --git a/app/models/member.rb b/app/models/member.rb
index 172587a4d7..8459ee2f66 100644
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -74,7 +74,10 @@ class Member < ActiveRecord::Base
 # Find or initilize a Member with an id, attributes, and for a Principal
 def self.edit_membership(id, new_attributes, principal=nil)
 @membership = id.present? ? Member.find(id) : Member.new(:principal => principal)
- @membership.force_attributes = new_attributes
+ # project_id is protected from mass-assignment
+ project_id = new_attributes.delete('project_id')
+ @membership.attributes = new_attributes
+ @membership.project_id = project_id
 @membership
 end
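Review bot: The new comment above `self.attributes =` names only project_id, but once the copy goes through the protected setter, every attribute that Issue shields from mass-assignment is silently dropped from the copy, not just that one. The protected list is declared outside this hunk, so please confirm project_id is the only protected column copy_from has to carry over; any other one needs its own explicit assignment next to the project_id line. A comment such as `# attributes= filters protected columns; copy each one explicitly below` would make that contract visible. As a style point, `self.project_id = issue.project_id` reads more directly than `issue.attributes['project_id']`.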
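Review bot: `@membership.project_id = project_id` runs unconditionally, so when new_attributes has no 'project_id' key the `delete` returns nil and a membership loaded through `Member.find(id)` gets its project cleared; guard it with `@membership.project_id = project_id unless project_id.nil?`. The value also comes from the same caller-supplied hash that the protection is meant to filter, so this explicit assignment re-opens the field for any caller that passes request parameters straight in. Whether the target project is authorized has to be checked by the callers, which are not visible in this hunk, and that expectation is worth stating in the method comment. `delete('project_id')` also mutates the caller's hash and only matches a string key, so working on `new_attributes = new_attributes.dup` and documenting the expected key type would avoid surprises.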