Sanitize user attrs on model level

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-07-10 13:48:03 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-07-10 13:48:50 +0300
commit: 8dd6af1466079778fb6a91be9a3d32d7d90275a6 (patch)
tree: dae588fc89ed15ad1c5cacee9f7576fdbf006e57 /app/models/user.rb
parent: 7ebbb6e33f872651c8f92799570d58353a4a08b3 (diff)
download: gitlab-ce-8dd6af1466079778fb6a91be9a3d32d7d90275a6.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 6de8d2d4c39..ddbdec8acfc 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -116,7 +116,10 @@ class User < ActiveRecord::Base
   validate :namespace_uniq, if: ->(user) { user.username_changed? }
 
   before_validation :generate_password, on: :create
+  before_validation :sanitize_attrs
+
   before_save :ensure_authentication_token
+
   alias_attribute :private_token, :authentication_token
 
   delegate :path, to: :namespace, allow_nil: true, prefix: true
@@ -371,4 +374,11 @@ class User < ActiveRecord::Base
   def created_by
     User.find_by_id(created_by_id) if created_by_id
   end
+
+  def sanitize_attrs
+    %w(name username skype linkedin twitter bio).each do |attr|
+      value = self.send(attr)
+      self.send("#{attr}=", Sanitize.clean(value)) if value.present?
+    end
+  end
 end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-07-10 13:48:03 +0300
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2013-07-10 13:48:50 +0300
commit	8dd6af1466079778fb6a91be9a3d32d7d90275a6 (patch)
tree	dae588fc89ed15ad1c5cacee9f7576fdbf006e57 /app/models/user.rb
parent	7ebbb6e33f872651c8f92799570d58353a4a08b3 (diff)
download	gitlab-ce-8dd6af1466079778fb6a91be9a3d32d7d90275a6.tar.gz