From b923a54b2d1a2e51fe56222b7a551522621a4079 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sat, 3 Jun 2017 08:36:39 +0000
Subject: [PATCH] Permit enumeration params.

git-svn-id: http://svn.redmine.org/redmine/trunk@16602 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/enumerations_controller.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/controllers/enumerations_controller.rb b/app/controllers/enumerations_controller.rb
index f89662082..273a04019 100644
--- a/app/controllers/enumerations_controller.rb
+++ b/app/controllers/enumerations_controller.rb
@@ -57,7 +57,7 @@ class EnumerationsController < ApplicationController
   end
 
   def update
-    if @enumeration.update_attributes(params[:enumeration])
+    if @enumeration.update_attributes(enumeration_params)
       respond_to do |format|
         format.html {
           flash[:notice] = l(:notice_successful_update)
@@ -91,7 +91,7 @@ class EnumerationsController < ApplicationController
 
   def build_new_enumeration
     class_name = params[:enumeration] && params[:enumeration][:type] || params[:type]
-    @enumeration = Enumeration.new_subclass_instance(class_name, params[:enumeration])
+    @enumeration = Enumeration.new_subclass_instance(class_name, enumeration_params)
     if @enumeration.nil?
       render_404
     end
@@ -102,4 +102,9 @@ class EnumerationsController < ApplicationController
   rescue ActiveRecord::RecordNotFound
     render_404
   end
+
+  def enumeration_params
+    # can't require enumeration on #new action
+    params.permit(:enumeration => [:name, :active, :is_default])[:enumeration]
+  end
 end