Details

    • Type: Improvement
    • Status: Deployed
    • Priority: Medium
    • Resolution: DeployedToBeta
    • Affects Version/s: 0.9.168
    • Fix Version/s: 0.9.172
    • Milestone: Internal 0.9
    • Difficulty: Medium
    • Roadmap: User
    • Components: BackEnd

      Description

      Brakeman says:
      PreferencesController
      index
      Unprotected mass assignment near line 15: Preference.create(:user_id => User.find_by_login(params[:us...

      Confidence level is "Weak," so we may or may not need to change something here.

      How to test:
      89% test coverage.

      It looks like this particular line relates to creating preferences if the user doesn't already have any, so I'd suggest creating a new account, activating it, and then:
      1. Log in
      2. Hi, username! > My Preferences
      3. Use the form to change your preferences
      4. Press Update

      If the preferences page loads and you can update it, this should be good.

      Note that if you don't have invitations in your account on staging, you'll need to get someone with admin access to either (a) send you an invitation or (b) enable account creation without an invitation.

      Update:
      We didn't need strong parameters here – we removed the unnecessary "create preferences if they don't exist" fallback instead.

            People

            • Assignee: kamilogorek Kamil Ogórek (Inactive)
            • Reporter: sarken sarken
            • Watchers: 1
