--- a/app/controllers/messages_controller.rb	Fri Feb 24 19:09:32 2012 +0000
+++ b/app/controllers/messages_controller.rb	Wed Jun 27 14:54:18 2012 +0100
@@ -53,13 +53,10 @@
 
   # Create a new topic
   def new
-    @message = Message.new(params[:message])
+    @message = Message.new
     @message.author = User.current
     @message.board = @board
-    if params[:message] && User.current.allowed_to?(:edit_messages, @project)
-      @message.locked = params[:message]['locked']
-      @message.sticky = params[:message]['sticky']
-    end
+    @message.safe_attributes = params[:message]
     if request.post? && @message.save
       call_hook(:controller_messages_new_after_save, { :params => params, :message => @message})
       attachments = Attachment.attach_files(@message, params[:attachments])
@@ -70,9 +67,10 @@
 
   # Reply to a topic
   def reply
-    @reply = Message.new(params[:reply])
+    @reply = Message.new
     @reply.author = User.current
     @reply.board = @board
+    @reply.safe_attributes = params[:reply]
     @topic.children << @reply
     if !@reply.new_record?
       call_hook(:controller_messages_reply_after_save, { :params => params, :message => @reply})
@@ -85,11 +83,8 @@
   # Edit a message
   def edit
     (render_403; return false) unless @message.editable_by?(User.current)
-    if params[:message]
-      @message.locked = params[:message]['locked']
-      @message.sticky = params[:message]['sticky']
-    end
-    if request.post? && @message.update_attributes(params[:message])
+    @message.safe_attributes = params[:message]
+    if request.post? && @message.save
       attachments = Attachment.attach_files(@message, params[:attachments])
       render_attachment_warning_if_needed(@message)
       flash[:notice] = l(:notice_successful_update)