Safer find_by_ call.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11219 e93f8b46-1217-0410-a6f0-8f06a7374b81
2013-01-20 13:50:51 +00:00 · 2013-01-20 13:50:51 +00:00 · 92b92d6bb8
parent 8357426e79
commit 92b92d6bb8
1 changed files with 2 additions and 2 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@ -134,8 +134,8 @@ class AccountController < ApplicationController

  # Token based account activation
  def activate
-    redirect_to(home_url) && return unless Setting.self_registration? && params[:token]
-    token = Token.find_by_action_and_value('register', params[:token])
+    redirect_to(home_url) && return unless Setting.self_registration? && params[:token].present?
+    token = Token.find_by_action_and_value('register', params[:token].to_s)
    redirect_to(home_url) && return unless token and !token.expired?
    user = token.user
    redirect_to(home_url) && return unless user.registered?