diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2017-04-04 01:33:34 +0200 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-04-04 01:33:34 +0200 |
commit | 4c53af64f0b10bc11473df5e3fd1cd7a11b755f6 (patch) | |
tree | 9bad122ae3a66b4171f48947cbb33496e2f8b2de /app/controllers/api/v1/statuses_controller.rb | |
parent | f722bd2387df9163760014e9555928ec487ae95f (diff) |
Fix ActionController::Parameters in API issue
Diffstat (limited to 'app/controllers/api/v1/statuses_controller.rb')
-rw-r--r-- | app/controllers/api/v1/statuses_controller.rb | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb index 024258c0e..4ece7e702 100644 --- a/app/controllers/api/v1/statuses_controller.rb +++ b/app/controllers/api/v1/statuses_controller.rb @@ -62,11 +62,11 @@ class Api::V1::StatusesController < ApiController end def create - @status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids], - sensitive: params[:sensitive], - spoiler_text: params[:spoiler_text], - visibility: params[:visibility], - application: doorkeeper_token.application) + @status = PostStatusService.new.call(current_user.account, status_params[:status], status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id]), media_ids: status_params[:media_ids], + sensitive: status_params[:sensitive], + spoiler_text: status_params[:spoiler_text], + visibility: status_params[:visibility], + application: doorkeeper_token.application) render action: :show end @@ -111,4 +111,8 @@ class Api::V1::StatusesController < ApiController @status = Status.find(params[:id]) raise ActiveRecord::RecordNotFound unless @status.permitted?(current_account) end + + def status_params + params.permit(:status, :in_reply_to_id, :sensitive, :spoiler_text, :visibility, media_ids: []) + end end |