github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-04-28 03:00:29 -04:00
Code Issues Packages Projects Releases Wiki Activity

Ensure that we sanitize any AC::Parameters in find_or_initialize_with_errors.

Browse Source 
As we are already slicing the Hash, we must be sure that this method will send
 a "safe" object down to the other finder methods that will use the Hash entries
 to do the querying.
This commit is contained in:
Lucas Mazza
2014-09-18 18:15:08 -03:00
parent 952c162bee
commit 39ed332299
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/devise/models/authenticatable.rb
View File

@@ -253,7 +253,7 @@ module Devise
# Find an initialize a group of attributes based on a list of required attributes.
def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
attributes = attributes.slice(*required_attributes)
attributes = attributes.slice(*required_attributes).with_indifferent_access
attributes.delete_if { |key, value| value.blank? }
if attributes.size == required_attributes.size