fix param sanitizating for account editing
Andrew Cantino
共有 2 个文件被更改,包括 5 次插入 和 2 次删除
+ 4
- 1
app/controllers/application_controller.rb
@@ -7,7 +7,10 @@ class ApplicationController < ActionController::Base |
||
| 7 | 7 |
helper :all |
| 8 | 8 |
|
| 9 | 9 |
protected |
| 10 |
+ |
|
| 10 | 11 |
def configure_permitted_parameters |
| 11 |
- devise_parameter_sanitizer.for(:sign_up) << [:username, :email, :invitation_code] |
|
| 12 |
+ devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation, :remember_me, :invitation_code) }
|
|
| 13 |
+ devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:login, :username, :email, :password, :remember_me) }
|
|
| 14 |
+ devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
|
|
| 12 | 15 |
end |
| 13 | 16 |
end |
+ 1
- 1
app/views/layouts/_messages.html.erb
@@ -1,7 +1,7 @@ |
||
| 1 | 1 |
<% if flash.keys.length > 0 %> |
| 2 | 2 |
<div class="flash"> |
| 3 | 3 |
<% flash.each do |name, msg| %> |
| 4 |
- <div class="alert alert-<%= name.to_sym == :notice ? "success" : "error" %> alert-dismissable"> |
|
| 4 |
+ <div class="alert alert-<%= name.to_sym == :notice ? "success" : "danger" %> alert-dismissable"> |
|
| 5 | 5 |
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button> |
| 6 | 6 |
<%= content_tag :div, msg, :id => "flash_#{name}" if msg.is_a?(String) %>
|
| 7 | 7 |
</div> |