Fix more parameter sanitisation issues and add tests

[rails.git] / app / controllers / notes_controller.rb

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index f4667bef5f47beaad0ff4da13a95f99e03beeb15..20894c4e83dbe1a0e426eee4a329d66d0945a249 100644 (file)
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -279,6 +279,7 @@ class NotesController < ApplicationController
   def mine
     if params[:display_name]
       if @this_user = User.active.find_by(:display_name => params[:display_name])
+        @params = params.permit(:display_name)
         @title = t "note.mine.title", :user => @this_user.display_name
         @heading = t "note.mine.heading", :user => @this_user.display_name
         @description = t "note.mine.subheading", :user => render_to_string(:partial => "user", :object => @this_user)