From 5de377c5eef31a265b1a5384c2d688f2f2709d67 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Tue, 6 Mar 2012 19:52:10 +0000
Subject: [PATCH] Use safe_attributes= just like in #create. (#922)
---
 app/controllers/projects_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 92cebbfd..c93c97a2 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -59,7 +59,8 @@ class ProjectsController < ApplicationController
 def new
 @issue_custom_fields = IssueCustomField.find(:all, :order => "#{CustomField.table_name}.position")
 @trackers = Tracker.all
- @project = Project.new(params[:project])
+ @project = Project.new
+ @project.safe_attributes = params[:project]
 end
 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
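Review bot: The patch changes only the controller (1 file changed), so nothing pins that `new` now ignores request attributes outside the model's safe list. A functional test that requests `new` with a `project` parameter not declared safe, and asserts it stays unset on `@project`, would stop a later refactor from quietly restoring `Project.new(params[:project])`. The two added lines would also benefit from a why-comment, for example `# Assign via safe_attributes= so request params can only set attributes declared safe`. Other ProjectsController actions that build or update a Project from `params` lie outside this hunk and should be checked for the same pattern.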