github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 22:43:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Implemented strong_parameters for Invite/InvitesController.

Browse Source 
The email parameter is now required using strong parameters and will throw ActionController::ParameterMissing if it is missing. If the email address is incorrect or invalid, Discourse::InvalidParameters will still be thrown.
This commit is contained in:
Ian Christian Myers
2013-06-05 00:04:03 -07:00
parent 130d837952
commit 3b245031a4
3 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/invites_controller.rb
View File

@ -29,7 +29,7 @@ class InvitesController < ApplicationController
end
def destroy
requires_parameter(:email)
params.require(:email)
invite = Invite.where(invited_by_id: current_user.id, email: params[:email]).first
raise Discourse::InvalidParameters.new(:email) if invite.blank?