X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/26855add3861ad496efdcae8598ffdf7d1116074..bd8d207ea42baa50f0a09daa31630c4e3014ac93:/app/controllers/user_controller.rb

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index a7822e47f..6f2894e3d 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -251,7 +251,7 @@ class UserController < ApplicationController
     else
       session[:referer] = params[:referer]
 
-      @user = User.new(params[:user])
+      @user = User.new(user_params)
       @user.status = "pending"
 
       if @user.openid_url.present? && @user.pass_crypt.empty?
@@ -732,7 +732,7 @@ private
 
       cookies.permanent["_osm_username"] = user.display_name
 
-      if user.new_email.blank?
+      if user.new_email.blank? or user.new_email == user.email
         flash.now[:notice] = t 'user.account.flash update success'
       else
         user.email = user.new_email
@@ -809,4 +809,10 @@ private
     # it's .now so that this doesn't propagate to other pages.
     flash.now[:skip_terms] = true
   end
+
+  ##
+  # return permitted user parameters
+  def user_params
+    params.require(:user).permit(:email, :email_confirmation, :display_name, :openid_url, :pass_crypt, :pass_crypt_confirmation)
+  end
 end