mirror of
https://github.com/Retrospring/retrospring.git
synced 2025-03-16 06:50:00 +01:00
Fix dangerous send exploit
This commit is contained in:
parent
5d3d3a68e7
commit
4b891b3f70
1 changed files with 14 additions and 2 deletions
|
@ -174,7 +174,19 @@ class Ajax::ModerationController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
@checked = status
|
@checked = status
|
||||||
target_user.send("#{params[:type]}=", status)
|
case params[:type].downcase
|
||||||
|
when 'blogger'
|
||||||
|
target_user.blogger = status
|
||||||
|
when 'contributor'
|
||||||
|
target_user.contributor = status
|
||||||
|
when 'translator'
|
||||||
|
target_user.translator = status
|
||||||
|
when 'supporter'
|
||||||
|
target_user.translator = status
|
||||||
|
when 'moderator'
|
||||||
|
target_user.translator = status
|
||||||
|
when 'admin'
|
||||||
|
target_user.translator = status
|
||||||
target_user.save!
|
target_user.save!
|
||||||
|
|
||||||
@message = I18n.t('messages.moderation.privilege.checked', privilege: params[:type])
|
@message = I18n.t('messages.moderation.privilege.checked', privilege: params[:type])
|
||||||
|
|
Loading…
Reference in a new issue