diff options
author | azul <azul@riseup.net> | 2016-11-21 10:58:00 +0000 |
---|---|---|
committer | azul <azul@riseup.net> | 2016-11-21 10:58:00 +0000 |
commit | cf5e96128f27597e878d088443078c0e188895b5 (patch) | |
tree | c72abe71c0c44c36fda0d171769f7e8ff26d7e38 /engines/support/app/controllers | |
parent | 6f1a49ec7e094191ff52f56d3a436aea81323ba1 (diff) | |
parent | 9e9c69c1357882d4221d1c511c3c7f6b36c094cc (diff) |
Merge branch 'bugfix/handle-missing-ticket-params' into 'master'
bugfix: handle missing params for ticket gracefully
This used to trigger a 500.
Fixes [#8395](https://leap.se/code/issues/8395)
See merge request !11
Diffstat (limited to 'engines/support/app/controllers')
-rw-r--r-- | engines/support/app/controllers/tickets_controller.rb | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb index 8cccc2f..c20ef6a 100644 --- a/engines/support/app/controllers/tickets_controller.rb +++ b/engines/support/app/controllers/tickets_controller.rb @@ -19,7 +19,7 @@ class TicketsController < ApplicationController end def create - @ticket = Ticket.new(params[:ticket]) + @ticket = Ticket.new ticket_params #protecting posted_by isn't working, so this should protect it: @ticket.comments.last.posted_by = current_user.id @@ -89,6 +89,12 @@ class TicketsController < ApplicationController @title = t("layouts.title.tickets") end + def ticket_params + # make sure we have everything we need... + params.require(:ticket).require(:comments_attributes).require('0') + params.require(:ticket) + end + private # |