Commit Graph

115 Commits

Author SHA1 Message Date
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Ian Christian Myers 41528f5d11 Implemented strong_parameters for Upload/UploadsController.
The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
2013-06-05 00:55:55 -07:00
Régis Hanol e3e55d4dad fix image uploads on s3/imgur 2013-06-05 00:35:42 +02:00
Régis Hanol 6cc0f8f2d4 added more file uploads test for better coverage 2013-05-31 03:13:37 +02:00
Sam ca2dee52db moved comments to the bottom, they are way less intrusive there 2013-05-24 12:48:32 +10:00
Sam 2cd95bc649 lets try out annotations 2013-05-24 12:35:14 +10:00
Régis Hanol dca2fbcefc add meaningful error message on upload [fixes #773] 2013-04-27 20:26:17 +02:00
Shane Liesegang 42fdbe2fb6 Fixing Amazon uploads to not be hardcoded to https
Amazon S3 uploads are currently hardcoded to use https, where they should probably use whatever protocol the rest of the site is using. Removing the protocol and just using "//" links should accomplish that.
2013-04-19 22:05:51 -03:00
Régis Hanol 1692350336 added some tests for uploads 2013-04-07 17:52:46 +02:00
Wojciech Kocjan 0481fbae8c Fix for reply to user avatar and picture uploading not working when editing post with discourse running in a prefix 2013-04-05 12:46:14 +02:00
Régis Hanol 0aff5042e5 FIX: S3 image upload 2013-03-30 17:56:25 +01:00
Gosha Arinich 6e5399d544 minor cleanup, using AR querying DSL over raw SQL in some places 2013-02-28 21:54:12 +03:00
Neil Lalonde 68f32af240 User hashed name for local uploads instead of 'blob' 2013-02-14 12:08:37 -05:00
Jakub Arnold 61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00