mirror of
https://github.com/discourse/discourse.git
synced 2024-12-01 05:04:22 +08:00
0d01c33482
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that. The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method. It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
30 lines
736 B
Ruby
30 lines
736 B
Ruby
class ClicksController < ApplicationController
|
|
|
|
skip_before_filter :check_xhr
|
|
|
|
def track
|
|
params = track_params.merge(ip: request.remote_ip)
|
|
|
|
if params[:topic_id].present? || params[:post_id].present?
|
|
params.merge!({ user_id: current_user.id }) if current_user.present?
|
|
TopicLinkClick.create_from(params)
|
|
end
|
|
|
|
# Sometimes we want to record a link without a 302. Since XHR has to load the redirected
|
|
# URL we want it to not return a 302 in those cases.
|
|
if params[:redirect] == 'false'
|
|
render nothing: true
|
|
else
|
|
redirect_to(params[:url])
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def track_params
|
|
params.require(:url)
|
|
params.permit(:url, :post_id, :topic_id, :redirect)
|
|
end
|
|
|
|
end
|