From a8b5bce609089af8795768230c7dd3a9b87cd5e0 Mon Sep 17 00:00:00 2001
From: Philip Arndt
Date: Sat, 14 Sep 2013 10:00:42 +1200
Subject: Supported Rails 4 and Refinery 3.0.0.dev
---
 app/controllers/refinery/blog/posts_controller.rb | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'app/controllers/refinery/blog/posts_controller.rb')
diff --git a/app/controllers/refinery/blog/posts_controller.rb b/app/controllers/refinery/blog/posts_controller.rb
index 05cd2d6..20ac12b 100644
--- a/app/controllers/refinery/blog/posts_controller.rb
+++ b/app/controllers/refinery/blog/posts_controller.rb
@@ -2,7 +2,7 @@ module Refinery
 module Blog
 class PostsController < BlogController
- before_filter :find_all_blog_posts, :except => [:archive]
+ before_filter :paginate_all_blog_posts, :except => [:archive]
 before_filter :find_blog_post, :only => [:show, :comment, :update_nav]
 before_filter :find_tags
@@ -10,9 +10,12 @@ module Refinery
 def index
 if request.format.rss?
- @posts = Post.live.includes(:comments, :categories)
- # limit rss feed for services (like feedburner) who have max size
- @posts = Post.recent(params["max_results"]) if params["max_results"].present?
+ @posts = if params["max_results"].present?
+ # limit rss feed for services (like feedburner) who have max size
+ Post.recent(params["max_results"])
+ else
+ Post.newest_first.live.includes(:comments, :categories)
+ end
 end
 respond_with (@posts) do |format|
 format.html
@@ -34,7 +37,8 @@ module Refinery
 end
 def comment
- if (@comment = @post.comments.create(params[:comment])).valid?
+ @comment = @post.comments.create(params[:comment])
+ if @comment.valid?
 if Comment::Moderation.enabled? or @comment.ham?
 begin
 CommentMailer.notification(@comment, request).deliver
-- 
cgit v1.2.3
From de653854e58fe20239df67a0bd5db0576d7ddf89 Mon Sep 17 00:00:00 2001
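Review bot: In the RSS branch of `index`, `params["max_results"]` is passed from the query string into `Post.recent` unchanged, so any client picks the size of the feed query. What `recent` does with the value is not visible in this hunk; if it is used as a row limit, coerce and bound it before the call, e.g. `Post.recent([[params["max_results"].to_i, 1].max, MAX_FEED_RESULTS].min)`, where `MAX_FEED_RESULTS` is a placeholder for a cap the project chooses. The `max_results` branch also relies on `recent` alone for filtering and ordering, while the `else` branch chains `newest_first.live` explicitly, so it is worth confirming that `recent` cannot return unpublished posts. `index` continues outside the hunk.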
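Review bot: `@post.comments.create(params[:comment])` in `comment` still hands the whole request hash to the model, so which comment attributes a visitor can set is decided only by whatever mass-assignment protection the `Comment` model carries, which this hunk does not show. For a commit that targets Rails 4 the controller should pass an explicit allowlist, in the form `params.require(:comment).permit(...)`, naming only the fields the public form submits. Attributes that the moderation path depends on (the next line calls `@comment.ham?`) are the ones that must stay out of that list. `comment` continues outside the hunk.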
From: =?UTF-8?q?Ug=CC=A7is=20Ozols?=
Date: Mon, 27 Jan 2014 11:41:56 +0200
Subject: Use strong parameters.
---
 app/controllers/refinery/blog/posts_controller.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'app/controllers/refinery/blog/posts_controller.rb')
diff --git a/app/controllers/refinery/blog/posts_controller.rb b/app/controllers/refinery/blog/posts_controller.rb
index 20ac12b..1cc9698 100644
--- a/app/controllers/refinery/blog/posts_controller.rb
+++ b/app/controllers/refinery/blog/posts_controller.rb
@@ -2,7 +2,7 @@ module Refinery
 module Blog
 class PostsController < BlogController
- before_filter :paginate_all_blog_posts, :except => [:archive]
+ before_filter :find_all_blog_posts, :except => [:archive]
 before_filter :find_blog_post, :only => [:show, :comment, :update_nav]
 before_filter :find_tags
@@ -37,7 +37,7 @@ module Refinery
 end
 def comment
- @comment = @post.comments.create(params[:comment])
+ @comment = @post.comments.create(comment_params)
 if @comment.valid?
 if Comment::Moderation.enabled? or @comment.ham?
 begin
@@ -81,6 +81,12 @@ module Refinery
 @posts = Post.live.tagged_with(@tag_name).page(params[:page])
 end
+ private
+
+ def comment_params
+ params.require(:comment).permit(:name, :email, :message)
+ end
+
 protected
 def canonical?
 Refinery::I18n.default_frontend_locale != Refinery::I18n.current_frontend_locale
-- 
cgit v1.2.3
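Review bot: `comment_params` is now the only control that keeps a visitor from setting comment attributes beyond the three form fields, and nothing in the hunk records that or explains why the list stops at `:name, :email, :message`. Add a comment above the method such as `# Allowlist for public comment submissions; never permit attributes the moderation or spam checks rely on.` A controller test that posts an extra key inside `comment` and asserts it is not assigned would keep the list from widening unnoticed. The enclosing class continues outside the hunk, so other callers of `params[:comment]`, if any, are not visible here.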