Use strong parameters in menu item controllers

pull/643/head
Till Breuer 11 years ago
parent 7770f03d1a
commit aa895306bd
  1. 6
      app/controllers/query_menu_items_controller.rb
  2. 17
      app/controllers/wiki_menu_items_controller.rb
  3. 2
      app/models/menu_item.rb

@ -40,7 +40,7 @@ class QueryMenuItemsController < ApplicationController
def update
@query_menu_item = MenuItems::QueryMenuItem.find params[:id]
if @query_menu_item.update_attributes params[:menu_items_query_menu_item]
if @query_menu_item.update_attributes query_menu_item_params
flash[:notice] = l(:notice_successful_update)
else
flash[:error] = l(:error_menu_item_not_saved)
@ -90,4 +90,8 @@ class QueryMenuItemsController < ApplicationController
super
end
def query_menu_item_params
params.require(:menu_items_query_menu_item).permit(:name, :title, :navigatable_id, :parent_id)
end
end
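Review bot: `query_menu_item_params` permits `:navigatable_id` and `:parent_id`, so `update` still accepts client-supplied foreign keys, and the record is loaded with an unscoped `MenuItems::QueryMenuItem.find params[:id]`. The permit list matches the `attr_accessible` list this commit appears to drop from `app/models/menu_item.rb`, so it is not a regression, but unless a filter outside the hunk already restricts the record to the current project, I would permit only `:name, :title` and set the foreign keys server-side. It is not visible whether the new method sits below a `private` marker; if it does not, add one so the helper is not exposed as a public controller method. With the model whitelist gone, any action outside these hunks that still passes raw `params[:menu_items_query_menu_item]` to the model should be switched to `query_menu_item_params` as well.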

@ -42,7 +42,7 @@ class WikiMenuItemsController < ApplicationController
end
def update
wiki_menu_setting = params[:menu_items_wiki_menu_item][:setting]
wiki_menu_setting = wiki_menu_item_params[:setting]
parent_wiki_menu_item = params[:parent_wiki_menu_item]
get_data_from_params(params)
@ -62,7 +62,7 @@ class WikiMenuItemsController < ApplicationController
end
else
@wiki_menu_item.navigatable_id = @page.wiki.id
@wiki_menu_item.name = params[:menu_items_wiki_menu_item][:name]
@wiki_menu_item.name = wiki_menu_item_params[:name]
@wiki_menu_item.title = @page_title
if wiki_menu_setting == 'sub_item'
@ -104,6 +104,11 @@ class WikiMenuItemsController < ApplicationController
private
def wiki_menu_item_params
@wiki_menu_item_params ||= params.require(:menu_items_wiki_menu_item).permit(:name, :title, :navigatable_id, :parent_id, :setting, :new_wiki_page, :index_page)
end
def get_data_from_params(params)
@page_title = params[:id]
wiki_id = @project.wiki.id
@ -122,15 +127,15 @@ class WikiMenuItemsController < ApplicationController
end
def assign_wiki_menu_item_params(menu_item)
if params[:menu_items_wiki_menu_item][:new_wiki_page] == "1"
if wiki_menu_item_params[:new_wiki_page] == "1"
menu_item.new_wiki_page = true
elsif params[:menu_items_wiki_menu_item][:new_wiki_page] == "0"
elsif wiki_menu_item_params[:new_wiki_page] == "0"
menu_item.new_wiki_page = false
end
if params[:menu_items_wiki_menu_item][:index_page] == "1"
if wiki_menu_item_params[:index_page] == "1"
menu_item.index_page = true
elsif params[:menu_items_wiki_menu_item][:index_page] == "0"
elsif wiki_menu_item_params[:index_page] == "0"
menu_item.index_page = false
end
end
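Review bot: `wiki_menu_item_params` permits `:title`, `:navigatable_id` and `:parent_id`, but the hunks shown only read `:setting`, `:name`, `:new_wiki_page` and `:index_page` from it, while `navigatable_id` and `title` are assigned from `@page.wiki.id` and `@page_title`. If nothing outside the hunks mass-assigns this hash, the list can be narrowed to what is actually read: `params.require(:menu_items_wiki_menu_item).permit(:name, :setting, :new_wiki_page, :index_page)`, which keeps client-supplied foreign keys out of reach of a later `update_attributes` call. `parent_wiki_menu_item` is still read from the raw top-level `params` in `update`; the code that consumes it is outside the hunk, so confirm that the id is looked up within the current project's menu items before it is used as a parent.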

@ -32,8 +32,6 @@ class MenuItem < ActiveRecord::Base
serialize :options, Hash
attr_accessible :name, :title, :navigatable_id, :parent_id
validates_presence_of :title
validates_format_of :title, :with => /\A[^,\.\/\?\;\|\:]*\z/
validates_uniqueness_of :title, :scope => [:navigatable_id, :type]
