added security fix for edit

2014-07-31 17:42:11 +08:00 · 2014-07-31 17:42:11 +08:00 · 94855f8900
parent dd60393057
commit 94855f8900
1 changed files with 5 additions and 1 deletions
--- a/app/controllers/admin/ad_images_controller.rb
+++ b/app/controllers/admin/ad_images_controller.rb
@ -11,8 +11,12 @@ class Admin::AdImagesController < Admin::AdBannersController
  def edit
    @ad_image = AdImage.find(params[:id])
    if can_edit_or_delete?(@ad_image)
     @ad_banners = Banner.all
-    @tags = @module_app.tags || []
+      @tags = @module_app.tags || []
    else
      render_401
    end
  end
  def update