diff options
| author | Robert Speicher <rspeicher@gmail.com> | 2017-08-11 13:27:38 -0400 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2017-08-11 13:27:38 -0400 |
| commit | 64073185adcb3eec40eda05e11f9bf47f646bf9d (patch) | |
| tree | 276540d841e56ba38493a1106104879ecde22f6e | |
| parent | 5ab158f5459dc774f4613cab43de721b6366d833 (diff) | |
| download | gitlab-ce-rs-remove-username-from-sanitize-attrs.tar.gz | |
Remove `username` from `User#sanitize_attrs` callbackrs-remove-username-from-sanitize-attrs
This attribute is since validated against `DynamicPathValidator`, which
has strict requirements for the characters allowed, and should no longer
need to be sanitized in a callback before saving.
This has additional benefits in our test suite, where every creation of
a `User` record was calling `Sanitize.clean` on a username value that
was always clean, since we're the ones generating it.
| -rw-r--r-- | app/models/user.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 7935b89662b..42a1ac40c6c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -726,9 +726,9 @@ class User < ActiveRecord::Base end def sanitize_attrs - %w[username skype linkedin twitter].each do |attr| - value = public_send(attr) # rubocop:disable GitlabSecurity/PublicSend - public_send("#{attr}=", Sanitize.clean(value)) if value.present? # rubocop:disable GitlabSecurity/PublicSend + %i[skype linkedin twitter].each do |attr| + value = self[attr] + self[attr] = Sanitize.clean(value) if value.present? end end |