diff options
author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-07-10 13:48:03 +0300 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-07-10 13:48:50 +0300 |
commit | 8dd6af1466079778fb6a91be9a3d32d7d90275a6 (patch) | |
tree | dae588fc89ed15ad1c5cacee9f7576fdbf006e57 /app/models/user.rb | |
parent | 7ebbb6e33f872651c8f92799570d58353a4a08b3 (diff) | |
download | gitlab-ce-8dd6af1466079778fb6a91be9a3d32d7d90275a6.tar.gz |
Sanitize user attrs on model level
Diffstat (limited to 'app/models/user.rb')
-rw-r--r-- | app/models/user.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 6de8d2d4c39..ddbdec8acfc 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -116,7 +116,10 @@ class User < ActiveRecord::Base validate :namespace_uniq, if: ->(user) { user.username_changed? } before_validation :generate_password, on: :create + before_validation :sanitize_attrs + before_save :ensure_authentication_token + alias_attribute :private_token, :authentication_token delegate :path, to: :namespace, allow_nil: true, prefix: true @@ -371,4 +374,11 @@ class User < ActiveRecord::Base def created_by User.find_by_id(created_by_id) if created_by_id end + + def sanitize_attrs + %w(name username skype linkedin twitter bio).each do |attr| + value = self.send(attr) + self.send("#{attr}=", Sanitize.clean(value)) if value.present? + end + end end |