Mercurial > hg > soundsoftware-site

diff app/controllers/timelog_controller.rb @ 929:5f33065ddc4b redmine-1.3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Redmine SVN rev 9414 on 1.3-stable branch
author Chris Cannam
date Wed, 27 Jun 2012 14:54:18 +0100
parents cbb26bc654de
children 433d4f72a19b
line wrap: on
line diff
--- a/app/controllers/timelog_controller.rb	Fri Feb 24 19:09:32 2012 +0000
+++ b/app/controllers/timelog_controller.rb	Wed Jun 27 14:54:18 2012 +0100
@@ -105,7 +105,7 @@
 
   def new
     @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
-    @time_entry.attributes = params[:time_entry]
+    @time_entry.safe_attributes = params[:time_entry]
 
     call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
     render :action => 'edit'
@@ -114,7 +114,7 @@
   verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
   def create
     @time_entry ||= TimeEntry.new(:project => @project, :issue => @issue, :user => User.current, :spent_on => User.current.today)
-    @time_entry.attributes = params[:time_entry]
+    @time_entry.safe_attributes = params[:time_entry]
 
     call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
 
@@ -135,14 +135,14 @@
   end
 
   def edit
-    @time_entry.attributes = params[:time_entry]
+    @time_entry.safe_attributes = params[:time_entry]
 
     call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
   end
 
   verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
   def update
-    @time_entry.attributes = params[:time_entry]
+    @time_entry.safe_attributes = params[:time_entry]
 
     call_hook(:controller_timelog_edit_before_save, { :params => params, :time_entry => @time_entry })
 
@@ -173,7 +173,7 @@
     unsaved_time_entry_ids = []
     @time_entries.each do |time_entry|
       time_entry.reload
-      time_entry.attributes = attributes
+      time_entry.safe_attributes = attributes
       call_hook(:controller_time_entries_bulk_edit_before_save, { :params => params, :time_entry => time_entry })
       unless time_entry.save
         # Keep unsaved time_entry ids to display them in flash error