diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-10-16 23:30:44 -0700 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-10-16 23:30:44 -0700 |
| commit | 03dba1fd4299e7a0364aa94a845aaeca60b0c286 (patch) | |
| tree | fe0716cdf7e410278d1b2edc8ac4f5eb81de6e31 /app/controllers/application_controller.rb | |
| parent | dad831662ad6521dfaf404621b72e551d456ca5c (diff) | |
| parent | aefe2e952f33267ce38fb9270400f4f6f194d37b (diff) | |
| download | gitlab-ce-03dba1fd4299e7a0364aa94a845aaeca60b0c286.tar.gz | |
Merge pull request #5344 from amacarthur/thread-variable-fix
Fixing unsafe use of Thread.current variable :current_user
Diffstat (limited to 'app/controllers/application_controller.rb')
| -rw-r--r-- | app/controllers/application_controller.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 85b95862a17..cfa3cac5e88 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,7 +2,7 @@ class ApplicationController < ActionController::Base before_filter :authenticate_user! before_filter :reject_blocked! before_filter :check_password_expiration - before_filter :set_current_user_for_thread + around_filter :set_current_user_for_thread before_filter :add_abilities before_filter :dev_tools if Rails.env == 'development' before_filter :default_headers @@ -50,6 +50,11 @@ class ApplicationController < ActionController::Base def set_current_user_for_thread Thread.current[:current_user] = current_user + begin + yield + ensure + Thread.current[:current_user] = nil + end end def abilities |