authorLouise Crow <louise.crow@gmail.com>2014-09-09 18:48:55 +0100
committerLouise Crow <louise.crow@gmail.com>2014-09-09 20:19:15 +0100
commitba0a52a98a916cb006fd18465c8e32aeeff2debe (patch)
tree05b755721e7312e920d81de49f16151feebb4bf8 /app/controllers
parent9389a3fe34457d63e2e34772bb0b244bbd4469b1 (diff)
Whitelist user controller signup params0.12.0.6hotfix/0.12.0.6
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/user_controller.rb6
1 files changed, 5 insertions, 1 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 1bf5a5316..a1f546ec0 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -196,7 +196,7 @@ class UserController < ApplicationController
work_out_post_redirect
@request_from_foreign_country = country_from_ip != AlaveteliConfiguration::iso_country_code
# Make the user and try to save it
- @user_signup = User.new(params[:user_signup])
+ @user_signup = User.new(user_params(:user_signup))
error = false
if @request_from_foreign_country && !verify_recaptcha
flash.now[:error] = _("There was an error with the words you entered, please try again.")
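Review bot: `User.new(user_params(:user_signup))` will raise NoMethodError on a signup request that carries no `user_signup` parameter, because the helper added in the second hunk calls `params[key].slice(...)` without a nil check, whereas the removed `User.new(params[:user_signup])` handed nil straight to the model. A scalar value such as `user_signup=x` would presumably fail too, since String#slice does not accept these arguments. Guarding in the helper turns both cases into an empty attribute hash, so the request reaches the model's validations instead of failing with a server error: add `return {} unless params[key].is_a?(Hash)` as the first line of `user_params`. The signup action starts and ends outside this hunk, so whether an earlier check already rejects such requests cannot be seen here.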
@@ -598,6 +598,10 @@ class UserController < ApplicationController
private
+ def user_params(key = :user)
+ params[key].slice(:name, :email, :password, :password_confirmation)
+ end
+
def is_modal_dialog
(params[:modal].to_i != 0)
end
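Review bot: `user_params` carries no comment saying that it is the allowlist standing between request parameters and `User` mass assignment, so a later edit could widen the list without noticing what it protects. I would add above the method `# Attributes a visitor may set on a User through mass assignment; never add privilege or account-state fields here.` The default `key = :user` is not exercised by any call in this diff. If other actions in this controller still pass request parameters straight to the model, they need the same helper, which cannot be checked from this hunk.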