
Ceci n'est pas une mass-assignment vulnerability

commit 959b20c71a7b872d6495faa49168f06926359717 1 parent 7f17012
Helge Rausch authored
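--- a/app/controllers/phenotypes_controller.rb
+++ b/app/controllers/phenotypes_controller.rb
@@ -23,7 +23,7 @@ def new
 end
 def create
- unless Phenotype.find_by_characteristic(params[:phenotype][:characteristic])
+ unless @phenotype = Phenotype.find_by_characteristic(params[:phenotype][:characteristic])
 @phenotype = Phenotype.create(params[:phenotype])
 # award: created one (or more) phenotypes
@@ -32,9 +32,6 @@ def create
 check_and_award_new_phenotypes(1, "Created a new phenotype")
 check_and_award_new_phenotypes(5, "Created 5 new phenotypes")
 check_and_award_new_phenotypes(10, "Created 10 new phenotypes")
-
- else
- @phenotype = Phenotype.find_by_characteristic(params[:phenotype][:characteristic])
 end
 if params[:phenotype][:characteristic] == ""
@@ -50,9 +47,11 @@ def create
 @phenotype = Phenotype.find_by_characteristic(params[:phenotype][:characteristic])
 Resque.enqueue(Mailnewphenotype, @phenotype.id,current_user.id)
- if UserPhenotype.find_by_phenotype_id_and_user_id(@phenotype.id,current_user.id) == nil
+ if UserPhenotype.find_by_phenotype_id_and_user_id(@phenotype.id,current_user.id).nil?
- @user_phenotype = UserPhenotype.new(:user_id => current_user.id, :phenotype_id => @phenotype.id, :variation => params[:user_phenotype][:variation])
+ @user_phenotype = current_user.user_phenotypes.new(
+ variation: params[:user_phenotype][:variation])
+ @user_phenotype.phenotype = @phenotype
 if @user_phenotype.save
 @phenotype.number_of_users = UserPhenotype.find_all_by_phenotype_id(@phenotype.id).length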
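Review bot: `Phenotype.create(params[:phenotype])` in the first hunk of `create` still hands the whole client-supplied hash to the model, so the whitelist this commit adds to UserPhenotype does not cover the phenotype record itself. Unless Phenotype declares its own `attr_accessible` (not shown in this commit), columns such as `number_of_users`, which the controller computes itself further down, would be assignable from the request. If `characteristic` is the only field the form is meant to supply, `@phenotype = Phenotype.create(characteristic: params[:phenotype][:characteristic])` limits the call to it. The blank-characteristic check also runs only after this create call, and the body of `create` continues beyond the visible hunks.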
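--- a/app/models/user_phenotype.rb
+++ b/app/models/user_phenotype.rb
@@ -2,8 +2,10 @@ class UserPhenotype < ActiveRecord::Base
 belongs_to :phenotype
 belongs_to :user
 validates_presence_of :variation
-
+
+ attr_accessible :variation
+
 searchable do
- text :variation
+ text :variation
 end
 end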
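Review bot: With `attr_accessible :variation` in place, `user_id` and `phenotype_id` passed in an attributes hash are discarded instead of assigned (logged or raised, depending on the app's mass-assignment sanitizer setting), so any remaining caller that still uses `UserPhenotype.new(:user_id => ..., :phenotype_id => ...)` would save a row with no owner. The model validates only `variation`; adding `validates_presence_of :user_id, :phenotype_id` would make such a call fail visibly. Other call sites are not visible in this commit, so this needs a search of the codebase to confirm. A short comment above the whitelist, e.g. `# user and phenotype are set through associations, never from request params`, would record the intent.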