Commit Graph

6171 Commits (e9da81ebca1692c74eba8c2a694b1cf265af7729)
 

Author SHA1 Message Date
Romano Licker 422705c5de fixes attachment partial on windows browsers 13 years ago
Jens Ulferts 47454dd7e5 making successful saving a condition for a success response on member edit 13 years ago
jwollert 068e3048c4 display summary in news#index if we got one. if not, display a short version of the news text 13 years ago
jwollert 9f73b8c734 Merge branch 'feature/2.4.0/accessibility-master' of github.com:finnlabs/chiliproject into feature/2.4.0/accessibility-master 13 years ago
jwollert 65b384db2e unify issues bulk update form. code for custom fields now looks just like standard issue fields' 13 years ago
Martin Linkhorst 3e034514f6 re-allow mass assignment of assign_to_id of issue categories. but issue category won't be valid unless assignee is also project member of the category. (mirroring what is possible to select in the view) fixes #28790 13 years ago
Romano Licker d9069356e1 display errors correctly when adding a member to a project 13 years ago
Romano Licker 01f8886a63 fixes: couldn't switch roles on a user & ensure correct 13 years ago
Martin Linkhorst 1fd10e5243 use super without explicit params, cleanup whitespace 13 years ago
Romano Licker e2d7bde493 fixing copying of members (while copying a project) 13 years ago
Jens Ulferts e4dfb3ed80 Initialize locale_fallbacks only if Settings table exists 13 years ago
Martin Linkhorst 83c9edd278 fixes missing spec 13 years ago
Jens Ulferts ce0bdc8abd add start_date to save attributes, validate it as date format 13 years ago
Jens Ulferts 3511600c0a adjust members_controller to work with the protected attributes 13 years ago
Romano Licker 5bf1c81ecc do not remove text when highlighting in IE 13 years ago
Martin Linkhorst 20f7643187 forgotten locale file from another issue. completely unrelated to mass assignment 13 years ago
Martin Linkhorst 284f689bd7 nested tab attributes are safe, one cannot fake project_id, nor wiki_id 13 years ago
Romano Licker 73c087e19c reset author to current user when copying an issue 13 years ago
Romano Licker eaba2414cf add label "Move issue" for breadcrumb 13 years ago
Martin Linkhorst fa26c9ceee remove login explicitly from attributes hash since it is protected 13 years ago
Martin Linkhorst 34dbfb2c83 don't use mass assignment for login field, somebody added it to attr_protected 13 years ago
Martin Linkhorst 235fe06944 use safe attributes rather than mass assignment directly 13 years ago
Romano Licker 44f48962bf automatically fill the parent_id field when duplicating an issue 13 years ago
Martin Linkhorst 2adf2c9c8e Merge remote-tracking branch 'origin/ma_core' into ma_core 13 years ago
jwollert 3f6cfff4ae uses #force_attributes= in watcher test for mass_assignment 13 years ago
jwollert 57c3e8ac1f uses #force_attributes= in version test for mass_assignment 13 years ago
jwollert a1476a450b uses #force_attributes= in user test for mass_assignment 13 years ago
jwollert 369d528982 uses #force_attributes= in project test for mass_assignment 13 years ago
jwollert 7aa9f1923d uses #force_attributes= in member test for mass_assignment 13 years ago
jwollert c0c3a75e48 uses #force_attributes= in issue test for mass_assignment 13 years ago
jwollert 22e55a6acc uses #force_attributes= for mass assignment in issue_nested_set_test 13 years ago
jwollert 0792a68e92 use #force_attributes= in group_test 13 years ago
jwollert 7681d943ad fixes copying projects 13 years ago
jwollert 105ef24862 fixes creation of member_roles 13 years ago
jwollert d9f6b52029 protect relations to users (assigned_to, author_id etc.) in models, too 13 years ago
Martin Linkhorst 337561261a some documentation regarding mass assignment, show full stack trace in console 13 years ago
Martin Linkhorst 696ed97dcd fix: use the old style #force_attributes 13 years ago
Martin Linkhorst 12bb66c264 refactor dealing with mass assignment 13 years ago
Martin Linkhorst 42bc728288 fix to work with protected :project_id 13 years ago
jwollert e0a2b9e768 fixes creation of anonymous user. shouldn't mass assign protected attributes (i.e. login) 13 years ago
Martin Linkhorst 1fce5b6a8f added attr_protected calls to protect mass assignment of :project_id through a view 13 years ago
Romano Licker 13b8c4ac5c fixes indentation on issue list (subject) 13 years ago
Romano Licker 6ef610aea1 fixes indentation of lists 13 years ago
Jean-Philippe Lang f5ac69401d Set user_id as a protected attribute (#922). 13 years ago
Jean-Philippe Lang a6a95c8617 Prevent mass-assignment vulnerability when adding/updating a wiki (#922). 13 years ago
Jean-Philippe Lang 5c6fbc664b Prevent mass-assignment vulnerability when adding/updating a version (#922). 13 years ago
Jean-Philippe Lang 42caba0351 Prevent mass-assignment vulnerability when adding/updating a time entry (#922). 13 years ago
Jean-Philippe Lang ff5472e6f7 Use safe_attributes= just like in #create. (#922) 13 years ago
Jean-Philippe Lang 676bf0f751 Prevent mass-assignment vulnerability when adding/updating a news (#922). 13 years ago
Jean-Philippe Lang 4156485090 Prevent mass-assignment vulnerability when adding/updating a forum message (#922). 13 years ago