check names before creating User object (#48162)

(I don't know if creating the User object had any effet on the database but better safe than sorry)
2020-11-01 15:05:49 +01:00 · 2020-11-01 15:05:49 +01:00 · fde4238d4e
parent 6be11d73c7
commit fde4238d4e
1 changed files with 5 additions and 5 deletions
--- a/lib/account_controller_patch.rb
+++ b/lib/account_controller_patch.rb
@ -8,16 +8,16 @@ module AccountControllerNameCheckPatch
          @user = User.new(:language => current_language.to_s)
        else
          user_params = params[:user] || {}
-          @user = User.new
-          @user.safe_attributes = user_params
-          @user.pref.attributes = params[:pref] if params[:pref]
-          @user.admin = false
-          if @user.firstname == @user.lastname
+          if user_params[:firstname] == user_params[:lastname]
            # common spam pattern
            flash[:error] = "Error registering account."
            redirect_to home_url
            return
          end
+          @user = User.new
+          @user.safe_attributes = user_params
+          @user.pref.attributes = params[:pref] if params[:pref]
+          @user.admin = false
          @user.register
          if session[:auth_source_registration]
            @user.activate