Sanitize user attrs on model level

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-07-10 13:48:03 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-07-10 13:48:50 +0300
commit: 8dd6af1466079778fb6a91be9a3d32d7d90275a6 (patch)
tree: dae588fc89ed15ad1c5cacee9f7576fdbf006e57 /app/controllers/profiles_controller.rb
parent: 7ebbb6e33f872651c8f92799570d58353a4a08b3 (diff)
download: gitlab-ce-8dd6af1466079778fb6a91be9a3d32d7d90275a6.tar.gz
1 files changed, 1 insertions, 14 deletions
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 686edd8af80..6fa635d0e36 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -17,7 +17,7 @@ class ProfilesController < ApplicationController
   end
 
   def update
-    if @user.update_attributes(user_attributes)
+    if @user.update_attributes(params[:user])
       flash[:notice] = "Profile was successfully updated"
     else
       flash[:alert] = "Failed to update profile"
@@ -69,19 +69,6 @@ class ProfilesController < ApplicationController
     @user = current_user
   end
 
-  def user_attributes
-    user_attributes = params[:user]
-
-    # Sanitize user input because we dont have strict
-    # validation for this fields
-    %w(name skype linkedin twitter bio).each do |attr|
-      value = user_attributes[attr]
-      user_attributes[attr] = sanitize(strip_tags(value)) if value.present?
-    end
-
-    user_attributes
-  end
-
   def authorize_change_password!
     return render_404 if @user.ldap_user?
   end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-07-10 13:48:03 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-07-10 13:48:50 +0300
commit	8dd6af1466079778fb6a91be9a3d32d7d90275a6 (patch)
tree	dae588fc89ed15ad1c5cacee9f7576fdbf006e57 /app/controllers/profiles_controller.rb
parent	7ebbb6e33f872651c8f92799570d58353a4a08b3 (diff)
download	gitlab-ce-8dd6af1466079778fb6a91be9a3d32d7d90275a6.tar.gz