fix param sanitizating for account editing

2025-03-15 19:31:26 +00:00 · 2014-05-26 18:54:49 -07:00 · 2014-05-26 18:54:49 -07:00 · fc1004fa6f
commit fc1004fa6f
parent 3e6920d49d
2 changed files with 5 additions and 2 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -7,7 +7,10 @@ class ApplicationController < ActionController::Base
  helper :all

  protected
+
  def configure_permitted_parameters
-    devise_parameter_sanitizer.for(:sign_up) << [:username, :email, :invitation_code]
+    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation, :remember_me, :invitation_code) }
+    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :username, :email, :password, :remember_me) }
+    devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
  end
 end
--- a/app/views/layouts/_messages.html.erb
+++ b/app/views/layouts/_messages.html.erb
@ -1,7 +1,7 @@
 <% if flash.keys.length > 0 %>
  <div class="flash">
    <% flash.each do |name, msg| %>
-      <div class="alert alert-<%= name.to_sym == :notice ? "success" : "error" %> alert-dismissable">
+      <div class="alert alert-<%= name.to_sym == :notice ? "success" : "danger" %> alert-dismissable">
        <button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
        <%= content_tag :div, msg, :id => "flash_#{name}" if msg.is_a?(String) %>
      </div>