consul/grecia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Increase notifiable access security on add notification method

Browse Source
This commit is contained in:
Bertocq
2018-01-26 11:24:13 +01:00
parent f4ad0b2979
commit 5e583d2015
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/controllers/comments_controller.rb
View File

@@ -79,7 +79,8 @@ class CommentsController < ApplicationController
def add_notification(comment) def add_notification(comment)
notifiable = comment.reply? ? comment.parent : comment.commentable notifiable = comment.reply? ? comment.parent : comment.commentable
if notifiable&.author_id.present? && notifiable.author_id != comment.author_id notifiable_author_id = notifiable.try(:author_id)
if notifiable_author_id.present? && notifiable_author_id != comment.author_id
Notification.add(notifiable.author_id, notifiable) Notification.add(notifiable.author_id, notifiable)
end end
end end