fix param sanitizating for account editing

This commit is contained in:
Andrew Cantino 2014-05-26 18:54:49 -07:00
parent 3e6920d49d
commit fc1004fa6f
2 changed files with 5 additions and 2 deletions

View file

@ -7,7 +7,10 @@ class ApplicationController < ActionController::Base
helper :all
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << [:username, :email, :invitation_code]
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation, :remember_me, :invitation_code) }
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :username, :email, :password, :remember_me) }
devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
end
end

View file

@ -1,7 +1,7 @@
<% if flash.keys.length > 0 %>
<div class="flash">
<% flash.each do |name, msg| %>
<div class="alert alert-<%= name.to_sym == :notice ? "success" : "error" %> alert-dismissable">
<div class="alert alert-<%= name.to_sym == :notice ? "success" : "danger" %> alert-dismissable">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
<%= content_tag :div, msg, :id => "flash_#{name}" if msg.is_a?(String) %>
</div>