Details

    • Type: Improvement
    • Status: Deployed
    • Priority: Medium
    • Resolution: DeployedToBeta
    • Affects Version/s: 0.9.168
    • Fix Version/s: 0.9.171
    • Required Access Level: Admin
    • Milestone: Internal 0.9
    • Difficulty: Medium
    • Roadmap: Admin
    • Components: BackEnd

      Description

      Brakeman says:
      Admin::SettingsController
      index
      Unprotected mass assignment near line 6: AdminSetting.create(:last_updated_by => Admin.first)

      Admin::SettingsController
      update
      Unprotected mass assignment near line 12: AdminSetting.create(:last_updated_by => Admin.first)

      How to test:
      This has 100% test coverage, but for manual testing:
      1. Log in as admin at http://test.ao3.org/admin/login
      2. Follow the "Settings" link in the admin navigation
      3. Make sure you can update various admin settings, and that the "Last updated" at the bottom of the page at least kind of reflects reality (note that AO3-4190 To Do exists)
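
What the Brakeman warning above is about, as an added plain-Ruby example (not the Archive's code and not ActiveRecord): a model with no attribute allowlist lets a submitted hash overwrite `last_updated_by`, while an allowlisted model keeps the value set in code. The class names, `attr_allowlist`, `account_creation_enabled` and the sample parameters are hypothetical and constructed for illustration; only `last_updated_by` comes from the ticket.

```ruby
# Added illustration in plain Ruby (no Rails, no ActiveRecord); not the Archive's code.
class TinyModel
  class << self
    # Keys a submitted hash may set; nil means no allowlist was declared.
    attr_reader :accessible

    # Hypothetical helper standing in for a model-level attribute allowlist.
    def attr_allowlist(*names)
      @accessible = names.map(&:to_s)
    end
  end

  attr_reader :rejected # keys the last assign refused (not on the allowlist)

  # Mass assignment: call the setter for every permitted key in the hash.
  def assign(attrs)
    @rejected = []
    allowed = self.class.accessible
    attrs.each do |key, value|
      key = key.to_s
      if allowed && !allowed.include?(key)
        @rejected << key
      else
        public_send("#{key}=", value)
      end
    end
    self
  end
end

# No allowlist: any attribute with a setter can be set from a hash.
class UnprotectedSetting < TinyModel
  attr_accessor :last_updated_by, :account_creation_enabled # 2nd name is hypothetical
end

# Allowlist: only the form field is mass-assignable; the audit field is not.
class ProtectedSetting < TinyModel
  attr_accessor :last_updated_by, :account_creation_enabled
  attr_allowlist :account_creation_enabled
end

# Constructed parameters: one form field plus a key the form never offers.
PARAMS = { "account_creation_enabled" => "1", "last_updated_by" => "someone-else" }.freeze

# Record the acting admin in code, then apply the submitted hash.
def update_setting(model_class, params, current_admin)
  setting = model_class.new
  setting.last_updated_by = current_admin
  setting.assign(params)
end
```

With these parameters the unprotected model ends with `last_updated_by` taken from the submitted hash, while the allowlisted model keeps the admin set in code and lists the refused key in `rejected`.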

            People

            • Assignee: kamilogorek Kamil Ogórek (Inactive)
            • Reporter: sarken sarken
            • Watchers: 2
