Commit 64073185 authored by Robert Speicher's avatar Robert Speicher

Remove `username` from `User#sanitize_attrs` callback

This attribute is since validated against `DynamicPathValidator`, which
has strict requirements for the characters allowed, and should no longer
need to be sanitized in a callback before saving.

This has additional benefits in our test suite, where every creation of
a `User` record was calling `Sanitize.clean` on a username value that
was always clean, since we're the ones generating it.
parent 5ab158f5
No related merge requests found
...@@ -726,9 +726,9 @@ class User < ActiveRecord::Base ...@@ -726,9 +726,9 @@ class User < ActiveRecord::Base
end end
def sanitize_attrs def sanitize_attrs
%w[username skype linkedin twitter].each do |attr| %i[skype linkedin twitter].each do |attr|
value = public_send(attr) # rubocop:disable GitlabSecurity/PublicSend value = self[attr]
public_send("#{attr}=", Sanitize.clean(value)) if value.present? # rubocop:disable GitlabSecurity/PublicSend self[attr] = Sanitize.clean(value) if value.present?
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment