Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: not permitted theme params when importing theme

This commit is contained in:
Joffrey JAFFEUX 2017-12-14 11:25:58 +01:00 committed by GitHub
parent 1eda8c50f0
commit 813df1a3fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/admin/themes_controller.rb
View File

@ -26,13 +26,13 @@ class Admin::ThemesController < Admin::AdminController
def import
@theme = nil
if params[:theme]
json = JSON::parse(params[:theme].read)
uploaded_theme = params.require(:theme)
if uploaded_theme
json = JSON::parse(uploaded_theme.read)
theme = json['theme']
@theme = Theme.new(name: theme["name"], user_id: current_user.id)
theme["theme_fields"]&.each do |field|
if field["raw_upload"]
begin
tmp = Tempfile.new