diff --git a/app/controllers/admin/hooks_controller.rb b/app/controllers/admin/hooks_controller.rb
index c5bf76f8c39dabd76a181ed3fec971905a98b74b..0a463239d7496d7e27f8d7b1eb998ad1ab95df4f 100644
--- a/app/controllers/admin/hooks_controller.rb
+++ b/app/controllers/admin/hooks_controller.rb
@@ -5,7 +5,7 @@ class Admin::HooksController < Admin::ApplicationController
 end
 def create
- @hook = SystemHook.new(params[:hook])
+ @hook = SystemHook.new(hook_params)
 if @hook.save
 redirect_to admin_hooks_path, notice: 'Hook was successfully created.'
@@ -37,4 +37,8 @@ class Admin::HooksController < Admin::ApplicationController
 redirect_to :back
 end
+
+ def hook_params
+ params.require(:hook).permit(:url)
+ end
 end
diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb
index b34ce5265d981f685f6977136748dddd120fe817..268e19f26eedb439e310e826cdab5fb5bf8c7971 100644
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -42,6 +42,6 @@ class Projects::HooksController < Projects::ApplicationController
 end
 def hook_params
- params.require(:hook).permit(:url)
+ params.require(:hook).permit(:url, :push_events, :issues_events, :merge_requests_events, :tag_push_events)
 end
 end
diff --git a/app/controllers/projects/milestones_controller.rb b/app/controllers/projects/milestones_controller.rb
index c38c77d6b85571c25a034d203c9947abf8a5e098..d338cdedfaf234fd50d6c1e67b08dc695bd09a58 100644
--- a/app/controllers/projects/milestones_controller.rb
+++ b/app/controllers/projects/milestones_controller.rb
@@ -37,7 +37,7 @@ class Projects::MilestonesController < Projects::ApplicationController
 end
 def create
- @milestone = Milestones::CreateService.new(project, current_user, params[:milestone]).execute
+ @milestone = Milestones::CreateService.new(project, current_user, milestone_params).execute
 if @milestone.save
 redirect_to project_milestone_path(@project, @milestone)
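Review bot: `hook_params`, added at the end of `Admin::HooksController` in the `@@ -37,4 +37,8 @@` hunk, carries no comment explaining why `:url` is the only permitted key, and the hunk does not show whether the method sits below a `private` or `protected` keyword. I would add `# Strong parameters: :url is the only attribute a client may set on a SystemHook.` above it and confirm the visibility, because public methods on a Rails controller count as action methods. The same applies to `milestone_params` in `Projects::MilestonesController` and to `snippet_params` in both snippets controllers. The class body starts outside the hunk, so this cannot be settled from the lines shown.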
@@ -47,7 +47,7 @@ class Projects::MilestonesController < Projects::ApplicationController
 end
 def update
- @milestone = Milestones::UpdateService.new(project, current_user, params[:milestone]).execute(milestone)
+ @milestone = Milestones::UpdateService.new(project, current_user, milestone_params).execute(milestone)
 respond_to do |format|
 format.js
@@ -105,4 +105,8 @@ class Projects::MilestonesController < Projects::ApplicationController
 def module_enabled
 return render_404 unless @project.issues_enabled
 end
+
+ def milestone_params
+ params.require(:milestone).permit(:title, :description, :due_date, :state_event)
+ end
 end
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index f93f2d5f9bb9fa44240dac416c5839c70e32f088..25026973118b83b4d2405dc6e65c24d5bd5a3fed 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -25,7 +25,7 @@ class Projects::SnippetsController < Projects::ApplicationController
 end
 def create
- @snippet = @project.snippets.build(params[:project_snippet])
+ @snippet = @project.snippets.build(snippet_params)
 @snippet.author = current_user
 if @snippet.save
@@ -39,7 +39,7 @@ class Projects::SnippetsController < Projects::ApplicationController
 end
 def update
- if @snippet.update_attributes(params[:project_snippet])
+ if @snippet.update_attributes(snippet_params)
 redirect_to project_snippet_path(@project, @snippet)
 else
 respond_with(@snippet)
@@ -86,4 +86,8 @@ class Projects::SnippetsController < Projects::ApplicationController
 def module_enabled
 return render_404 unless @project.snippets_enabled
 end
+
+ def snippet_params
+ params.require(:project_snippet).permit(:title, :content, :file_name, :private)
+ end
 end
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 4fe98f804dce60677ec0037ecb3c166f103569bf..e75db61e680397943da34727fea149afcf4868cb 100644
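Review bot: `milestone_params` in `Projects::MilestonesController` permits `:state_event`, and the one list feeds both `create` and `update`, so anyone who passes those actions' filters can drive a milestone state transition through mass assignment. This matches the `attr_accessible` list the commit removes from `app/models/milestone.rb`, so it looks intentional, but the authorization filters lie outside these hunks and should be confirmed to cover closing and reopening. Once confirmed, a comment such as `# :state_event triggers a state transition; access is gated by the controller's authorization filter` above the method would record that. A controller spec asserting that an unlisted key (for example `project_id`) is dropped would pin the allow-list.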
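Review bot: `snippet_params` in `Projects::SnippetsController` permits `:title, :content, :file_name, :private`, but the commented-out `attr_accessible` list this commit deletes from `app/models/snippet.rb` also named `:expires_at`; `SnippetsController#snippet_params` has the same omission. If any form or API client still submits an expiry, strong parameters will drop it without an error, and the snippet would be stored with no expiry while the author believes one is set. If the omission is deliberate, a one-line comment such as `# :expires_at is intentionally not permitted` would make that clear; otherwise the list should read `permit(:title, :content, :file_name, :private, :expires_at)`. Keeping `author` out of the list and assigning it from `current_user` in `create` is the right shape.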
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -51,7 +51,7 @@ class SnippetsController < ApplicationController
 end
 def create
- @snippet = PersonalSnippet.new(params[:personal_snippet])
+ @snippet = PersonalSnippet.new(snippet_params)
 @snippet.author = current_user
 if @snippet.save
@@ -65,7 +65,7 @@ class SnippetsController < ApplicationController
 end
 def update
- if @snippet.update_attributes(params[:personal_snippet])
+ if @snippet.update_attributes(snippet_params)
 redirect_to snippet_path(@snippet)
 else
 respond_with @snippet
@@ -109,4 +109,8 @@ class SnippetsController < ApplicationController
 def set_title
 @title = 'Snippets'
 end
+
+ def snippet_params
+ params.require(:personal_snippet).permit(:title, :content, :file_name, :private)
+ end
 end
diff --git a/app/models/milestone.rb b/app/models/milestone.rb
index e28de72c37f8b0f82ca38f13056ab31b6eb561c4..8fd3e56d2eec13f55f18c0bf42243b68507c5cbf 100644
--- a/app/models/milestone.rb
+++ b/app/models/milestone.rb
@@ -16,8 +16,6 @@ class Milestone < ActiveRecord::Base include InternalId - #attr_accessible :title, :description, :due_date, :state_event - belongs_to :project has_many :issues has_many :merge_requests
diff --git a/app/models/project_hook.rb b/app/models/project_hook.rb
index ffede4c7025673c60d8e062c9f46a8c6c80ee9cf..21867a9316c37c79d87d32093fbb9a1226a82b45 100644
--- a/app/models/project_hook.rb
+++ b/app/models/project_hook.rb
@@ -18,8 +18,6 @@ class ProjectHook < WebHook belongs_to :project - #attr_accessible :push_events, :issues_events, :merge_requests_events, :tag_push_events - scope :push_hooks, -> { where(push_events: true) } scope :tag_push_hooks, -> { where(tag_push_events: true) } scope :issue_hooks, -> { where(issues_events: true) }
diff --git a/app/models/snippet.rb b/app/models/snippet.rb
index 958697f70cd0b40fde4bc148fe8d150f4d5b66f9..2c38e7939bd59249ae517f83bc358c8512d7183f 100644
--- a/app/models/snippet.rb
+++ b/app/models/snippet.rb
@@ -18,8 +18,6 @@ class Snippet < ActiveRecord::Base include Linguist::BlobHelper - #attr_accessible :title, :content, :file_name, :expires_at, :private - default_value_for :private, true belongs_to :author, class_name: "User"