Details

    • Type: Improvement
    • Status: Deployed
    • Priority: Medium
    • Resolution: DeployedToBeta
    • Affects Version/s: 0.9.169
    • Fix Version/s: 0.9.182
    • Milestone:
      Internal 0.9
    • Difficulty:
      Medium
    • Roadmap:
      Invitation, Visitor
    • Components:
      BackEnd

      Description

      Brakeman says:
      InviteRequestsController
      create
      Mass Assignment
      Unprotected mass assignment near line 24: InviteRequest.new(params[:invite_request])

      How to test:
      We have 80% automated test coverage on /app/controllers/invite_requests_controller.rb (not to be confused with USER invite requests). This is for the create action, so we want to make sure we can request an invite.

      1. Log out
      2. Follow "Get Invited" on the homepage
      3. Fill in the "Email" field for "Add yourself to the list"
      4. Press "Add me to the list"

      It should work! And if you leave the email address field blank, you should get an error message like:
      Sorry! We couldn't save this invite request because:
      Email can't be blank
      Email does not seem to be a valid address.

        Attachments

          Activity

            People

            • Assignee:
              donat Don Denoncourt
              Reporter:
              sarken sarken
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: