Remove unsafe params from antenna old edit page

KMY 2023-09-14 18:47:58 +09:00
parent 258a29ffde
commit 22774276e8
3 changed files with 3 additions and 197 deletions


@ -5,7 +5,6 @@ class AntennasController < ApplicationController
before_action :authenticate_user!
before_action :set_antenna, only: [:edit, :update, :destroy]
before_action :set_lists, only: [:new, :edit]
before_action :set_body_classes
before_action :set_cache_headers
@ -54,16 +53,12 @@ class AntennasController < ApplicationController
@antenna = current_account.antennas.find(params[:id])
end
def set_lists
@lists = current_account.owned_lists
end
def resource_params
params.require(:antenna).permit(:title, :list, :available, :insert_feeds, :stl, :expires_in, :with_media_only, :ignore_reblog, :keywords_raw, :exclude_keywords_raw, :domains_raw, :exclude_domains_raw, :accounts_raw, :exclude_accounts_raw, :tags_raw, :exclude_tags_raw)
params.require(:antenna).permit(:title, :available, :expires_in)
end
def thin_resource_params
params.require(:antenna).permit(:title, :list)
params.require(:antenna).permit(:title)
end
def set_body_classes
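Review bot: None of the three changed files is a spec, so nothing pins the narrowed allow-lists in `resource_params` and `thin_resource_params`; a later edit that re-permits `:list` or one of the `*_raw` keys would pass unnoticed. The shorter `permit` calls appear to be the new side (the page has lost its +/- markers), and they are what keeps the filter attributes out of mass assignment on this page. I would add a controller spec that submits `antenna[list]` and `antenna[keywords_raw]` to `update` and asserts the record is unchanged. A comment above `resource_params` would also help, such as `# Legacy edit page: only title/available/expires_in are editable here; list and filter attributes are intentionally not permitted.` The controller class continues outside the visible hunks, so callers of `thin_resource_params` could not be checked from here.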


@ -92,142 +92,6 @@ class Antenna < ApplicationRecord
context
end
def list=(list_id)
list_id = list_id.to_i if list_id.is_a?(String)
if list_id.is_a?(Numeric)
self[:list_id] = list_id
else
self[:list] = list_id
end
end
def keywords_raw
return '' if keywords.blank?
keywords.join("\n")
end
def keywords_raw=(raw)
keywords = raw.split(/\R/).filter { |r| r.present? && r.length >= 2 }.uniq
self[:keywords] = keywords
self[:any_keywords] = keywords.none?
end
def exclude_keywords_raw
return '' if exclude_keywords.blank?
exclude_keywords.join("\n")
end
def exclude_keywords_raw=(raw)
exclude_keywords = raw.split(/\R/).filter(&:present?).uniq
self[:exclude_keywords] = exclude_keywords
end
def tags_raw
antenna_tags.where(exclude: false).map { |tag| tag.tag.name }.join("\n")
end
def tags_raw=(raw)
return if tags_raw == raw
tag_names = raw.split(/\R/).filter(&:present?).map { |r| r.start_with?('#') ? r[1..] : r }.uniq
antenna_tags.where(exclude: false).destroy_all
Tag.find_or_create_by_names(tag_names).each do |tag|
antenna_tags.create!(tag: tag, exclude: false)
end
self[:any_tags] = tag_names.none?
end
def exclude_tags_raw
return '' if exclude_tags.blank?
Tag.where(id: exclude_tags).map(&:name).join("\n")
end
def exclude_tags_raw=(raw)
return if exclude_tags_raw == raw
tags = []
tag_names = raw.split(/\R/).filter(&:present?).map { |r| r.start_with?('#') ? r[1..] : r }.uniq
Tag.find_or_create_by_names(tag_names).each do |tag|
tags << tag.id
end
self[:exclude_tags] = tags
end
def domains_raw
antenna_domains.where(exclude: false).map(&:name).join("\n")
end
def domains_raw=(raw)
return if domains_raw == raw
domain_names = raw.split(/\R/).filter(&:present?).uniq
antenna_domains.where(exclude: false).destroy_all
domain_names.each do |domain|
antenna_domains.create!(name: domain, exclude: false)
end
self[:any_domains] = domain_names.none?
end
def exclude_domains_raw
return '' if exclude_domains.blank?
exclude_domains.join("\n")
end
def exclude_domains_raw=(raw)
return if exclude_domains_raw == raw
domain_names = raw.split(/\R/).filter(&:present?).uniq
self[:exclude_domains] = domain_names
end
def accounts_raw
antenna_accounts.where(exclude: false).map(&:account).map { |account| account.domain ? "@#{account.username}@#{account.domain}" : "@#{account.username}" }.join("\n")
end
def accounts_raw=(raw)
return if accounts_raw == raw
account_names = raw.split(/\R/).filter(&:present?).map { |r| r.start_with?('@') ? r[1..] : r }.uniq
hit = false
antenna_accounts.where(exclude: false).destroy_all
account_names.each do |name|
username, domain = name.split('@')
account = Account.find_by(username: username, domain: domain)
if account.present?
antenna_accounts.create!(account: account, exclude: false)
hit = true
end
end
self[:any_accounts] = !hit
end
def exclude_accounts_raw
return '' if exclude_accounts.blank?
Account.where(id: exclude_accounts).map { |account| account.domain ? "@#{account.username}@#{account.domain}" : "@#{account.username}" }.join("\n")
end
def exclude_accounts_raw=(raw)
return if exclude_accounts_raw == raw
account_names = raw.split(/\R/).filter(&:present?).map { |r| r.start_with?('@') ? r[1..] : r }.uniq
accounts = []
account_names.each do |name|
username, domain = name.split('@')
account = Account.find_by(username: username, domain: domain)
accounts << account.id if account.present?
end
self[:exclude_accounts] = accounts
end
private
def validate_limit


@ -8,57 +8,4 @@
= f.input :expires_in, wrapper: :with_label, collection: [30.minutes, 1.hour, 6.hours, 12.hours, 1.day, 1.week].map(&:to_i), label_method: lambda { |i| I18n.t("invites.expires_in.#{i}") }, include_blank: I18n.t('invites.expires_in_prompt')
.fields-row
.fields-group.fields-row__column.fields-row__column-6
= f.input :list, collection: lists, wrapper: :with_label, label_method: lambda { |list| list.title }, label: t('antennas.edit.list'), selected: f.object.list&.id, hint: false, include_blank: '[Insert to Home]'
.fields-group.fields-row__column.fields-row__column-6
= f.input :available, wrapper: :with_label, label: t('antennas.edit.available'), hint: false
.fields-row
= f.input :insert_feeds, wrapper: :with_label, label: t('antennas.edit.insert_feeds')
.fields-row
= f.input :stl, wrapper: :with_label, label: t('antennas.edit.stl'), hint: t('antennas.edit.stl_hint')
%hr.spacer/
%p.hint= t 'antennas.edit.hint'
%hr.spacer/
%h4= t('antennas.contexts.domain')
%p.hint= t 'antennas.edit.domains_hint'
.fields-row
.fields-row__column.fields-row__column-6.fields-group
= f.input :domains_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.domains_raw')
.fields-row__column.fields-row__column-6.fields-group
= f.input :exclude_domains_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.exclude_domains_raw')
%h4= t('antennas.contexts.account')
%p.hint= t 'antennas.edit.accounts_hint'
.fields-row
.fields-row__column.fields-row__column-6.fields-group
= f.input :accounts_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.accounts_raw')
.fields-row__column.fields-row__column-6.fields-group
= f.input :exclude_accounts_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.exclude_accounts_raw')
%h4= t('antennas.contexts.tag')
.fields-row
.fields-row__column.fields-row__column-6.fields-group
= f.input :tags_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.tags_raw')
.fields-row__column.fields-row__column-6.fields-group
= f.input :exclude_tags_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.exclude_tags_raw')
%h4= t('antennas.contexts.keyword')
%p.hint= t 'antennas.edit.keywords_hint'
.fields-row
.fields-row__column.fields-row__column-6.fields-group
= f.input :keywords_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.keywords_raw')
.fields-row__column.fields-row__column-6.fields-group
= f.input :exclude_keywords_raw, wrapper: :with_label, as: :text, input_html: { rows: 5 }, label: t('antennas.edit.exclude_keywords_raw')
%hr.spacer/
.fields-group
= f.input :with_media_only, wrapper: :with_label, label: t('antennas.edit.with_media_only'), hint: false
.fields-group
= f.input :ignore_reblog, wrapper: :with_label, label: t('antennas.edit.ignore_reblog'), hint: false
= f.input :available, wrapper: :with_label, label: t('antennas.edit.available'), hint: false