Fixing unsafe use of Thread.current variable :current_user

author: Angus MacArthur <amacarthur@blackberry.com> 2013-10-04 15:11:50 -0400
committer: Angus MacArthur <amacarthur@blackberry.com> 2013-10-16 01:20:53 -0400
commit: aefe2e952f33267ce38fb9270400f4f6f194d37b (patch)
tree: 3546807c2b7942585a41cfb1163dc5e6a69e40e0 /app
parent: a8eb525e72f6883a07539af9429ccd41dbc8698b (diff)
download: gitlab-ce-aefe2e952f33267ce38fb9270400f4f6f194d37b.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 85b95862a17..cfa3cac5e88 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,7 +2,7 @@ class ApplicationController < ActionController::Base
   before_filter :authenticate_user!
   before_filter :reject_blocked!
   before_filter :check_password_expiration
-  before_filter :set_current_user_for_thread
+  around_filter :set_current_user_for_thread
   before_filter :add_abilities
   before_filter :dev_tools if Rails.env == 'development'
   before_filter :default_headers
@@ -50,6 +50,11 @@ class ApplicationController < ActionController::Base
 
   def set_current_user_for_thread
     Thread.current[:current_user] = current_user
+    begin
+      yield
+    ensure
+      Thread.current[:current_user] = nil
+    end
   end
 
   def abilities
author	Angus MacArthur <amacarthur@blackberry.com>	2013-10-04 15:11:50 -0400
committer	Angus MacArthur <amacarthur@blackberry.com>	2013-10-16 01:20:53 -0400
commit	aefe2e952f33267ce38fb9270400f4f6f194d37b (patch)
tree	3546807c2b7942585a41cfb1163dc5e6a69e40e0 /app
parent	a8eb525e72f6883a07539af9429ccd41dbc8698b (diff)
download	gitlab-ce-aefe2e952f33267ce38fb9270400f4f6f194d37b.tar.gz