sprinkle some to_s paranoia on params where it matters
parent
305789381c
commit
75570194ac
@ -7,7 +7,7 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
def authenticate_user
|
||||
if session[:u]
|
||||
@user = User.find_by_session_token(session[:u])
|
||||
@user = User.find_by_session_token(session[:u].to_s)
|
||||
end
|
||||
|
||||
true
|
||||
|
|
|
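Review bot: The guard `if session[:u]` still lets an empty string through, so `User.find_by_session_token(session[:u].to_s)` runs with `""` and relies on no user row ever carrying an empty token; tightening it to `if session[:u].present?` matches the `.present?` guards the rest of this commit introduces and skips the lookup entirely. The method also appears to return `true` unconditionally (the bare `true` after the `if` block), so it only loads `@user` and cannot by itself reject an unauthenticated request — the `def`'s closing `end` is outside the hunk, so this is inferred from the visible lines. A comment above `def authenticate_user` such as `# Loads @user from the session token; always returns true, so callers must check @user themselves` would make that contract explicit.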
@ -17,7 +17,7 @@ class CommentsController < ApplicationController
|
|||
comment.story_id = story.id
|
||||
comment.user_id = @user.id
|
||||
|
||||
if params[:parent_comment_short_id]
|
||||
if params[:parent_comment_short_id].present?
|
||||
if pc = Comment.find_by_story_id_and_short_id(story.id,
|
||||
params[:parent_comment_short_id])
|
||||
comment.parent_comment_id = pc.id
|
||||
|
|
|
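Review bot: `params[:parent_comment_short_id]` is passed to `Comment.find_by_story_id_and_short_id` without the `.to_s` this commit adds elsewhere, so a nested hash or array parameter would still reach the finder untouched; the new `.present?` guard above it does not normalise the type. Change the argument to `params[:parent_comment_short_id].to_s`. The enclosing action starts and ends outside the hunk.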
@ -15,8 +15,9 @@ class LoginController < ApplicationController
|
|||
end
|
||||
|
||||
def login
|
||||
if (user = User.where("email = ? OR username = ?", params[:email],
|
||||
params[:email]).first) && user.try(:authenticate, params[:password])
|
||||
if (user = User.where("email = ? OR username = ?", params[:email].to_s,
|
||||
params[:email].to_s).first) &&
|
||||
user.try(:authenticate, params[:password].to_s)
|
||||
session[:u] = user.session_token
|
||||
return redirect_to "/"
|
||||
end
|
||||
|
@ -31,8 +32,8 @@ class LoginController < ApplicationController
|
|||
end
|
||||
|
||||
def reset_password
|
||||
@found_user = User.where("email = ? OR username = ?", params[:email],
|
||||
params[:email]).first
|
||||
@found_user = User.where("email = ? OR username = ?", params[:email].to_s,
|
||||
params[:email].to_s).first
|
||||
|
||||
if !@found_user
|
||||
flash.now[:error] = "Invalid e-mail address or username."
|
||||
|
@ -50,13 +51,13 @@ class LoginController < ApplicationController
|
|||
@title = "Reset Password"
|
||||
|
||||
if params[:token].blank? ||
|
||||
!(@reset_user = User.find_by_password_reset_token(params[:token]))
|
||||
!(@reset_user = User.find_by_password_reset_token(params[:token].to_s))
|
||||
flash[:error] = "Invalid reset token. It may have already been " <<
|
||||
"used or you may have copied it incorrectly."
|
||||
return redirect_to forgot_password_url
|
||||
end
|
||||
|
||||
if !params[:password].blank?
|
||||
if params[:password].present?
|
||||
@reset_user.password = params[:password]
|
||||
@reset_user.password_confirmation = params[:password_confirmation]
|
||||
@reset_user.password_reset_token = nil
|
||||
|
|
|
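Review bot: In the third hunk (`@ -50,13 +51,13 @@`) the reset token gets `.to_s` but the values assigned right after it do not: `@reset_user.password = params[:password]` and `@reset_user.password_confirmation = params[:password_confirmation]` still take the raw parameter, which is exactly the inconsistency the commit sets out to remove, and the `.present?` check on `params[:password]` does not coerce the type. Change them to `@reset_user.password = params[:password].to_s` and `@reset_user.password_confirmation = params[:password_confirmation].to_s`. Separately, in the `login` hunk `session[:u] = user.session_token` is assigned without a preceding `reset_session`; unless the session is regenerated elsewhere, a session identifier established before login is carried into the authenticated session, so calling `reset_session` immediately before that assignment is worth considering. The bodies of `login` and the reset actions continue outside their hunks.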
@ -96,7 +96,7 @@ class MessagesController < ApplicationController
|
|||
|
||||
private
|
||||
def find_message
|
||||
if @message = Message.find_by_short_id(params[:message_id ] || params[:id])
|
||||
if @message = Message.find_by_short_id(params[:message_id] || params[:id])
|
||||
if (@message.author_user_id == @user.id ||
|
||||
@message.recipient_user_id == @user.id)
|
||||
return true
|
||||
|
|
|
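Review bot: The change to `find_message` only removes a stray space inside `params[:message_id ]`; the value handed to `Message.find_by_short_id` is still `params[:message_id] || params[:id]` with no `.to_s`, unlike the other finders touched by this commit. Use `Message.find_by_short_id((params[:message_id] || params[:id]).to_s)` so a non-string parameter cannot reach the dynamic finder. The ownership check on `author_user_id`/`recipient_user_id` below it is unchanged, and the method's remaining body is outside the hunk.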
@ -5,12 +5,12 @@ class SearchController < ApplicationController
|
|||
|
||||
@search = Search.new
|
||||
|
||||
if params[:q].present?
|
||||
@search.q = params[:q]
|
||||
if params[:q].to_s.present?
|
||||
@search.q = params[:q].to_s
|
||||
@search.what = params[:what]
|
||||
@search.order = params[:order]
|
||||
|
||||
if params[:page]
|
||||
if params[:page].present?
|
||||
@search.page = params[:page].to_i
|
||||
end
|
||||
|
||||
|
|
|
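Review bot: `@search.q` is now coerced with `.to_s`, but `@search.what = params[:what]` and `@search.order = params[:order]` on the following two lines still receive the raw parameters, so the same nested-hash/array concern applies to them. For consistency use `@search.what = params[:what].to_s` and `@search.order = params[:order].to_s`. If `Search` turns `order` into an ORDER BY fragment — not visible here — stringifying is not sufficient and the value should be checked against a fixed allow-list inside `Search` before use. The action's definition starts outside the hunk.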
@ -14,7 +14,7 @@ class SignupController < ApplicationController
|
|||
return redirect_to "/"
|
||||
end
|
||||
|
||||
if !(@invitation = Invitation.find_by_code(params[:invitation_code]))
|
||||
if !(@invitation = Invitation.find_by_code(params[:invitation_code].to_s))
|
||||
flash[:error] = "Invalid or expired invitation"
|
||||
return redirect_to "/signup"
|
||||
end
|
||||
|
@ -28,7 +28,7 @@ class SignupController < ApplicationController
|
|||
end
|
||||
|
||||
def signup
|
||||
if !(@invitation = Invitation.find_by_code(params[:invitation_code]))
|
||||
if !(@invitation = Invitation.find_by_code(params[:invitation_code].to_s))
|
||||
flash[:error] = "Invalid or expired invitation."
|
||||
return redirect_to "/signup"
|
||||
end
|
||||
|
|
|
@ -83,10 +83,10 @@ class StoriesController < ApplicationController
|
|||
|
||||
@story = Story.new
|
||||
|
||||
if !params[:url].blank?
|
||||
if params[:url].present?
|
||||
@story.url = params[:url]
|
||||
|
||||
if !params[:title].blank?
|
||||
if params[:title].present?
|
||||
@story.title = params[:title]
|
||||
end
|
||||
end
|
||||
|
|
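Review bot: The `.blank?` → `.present?` rewrites here change only the guards; `@story.url = params[:url]` and `@story.title = params[:title]` still assign the raw parameter, so this section does not actually receive the `to_s` treatment the commit message describes. Change them to `@story.url = params[:url].to_s` and `@story.title = params[:title].to_s`, matching the `@search.q = params[:q].to_s` form used in `SearchController`. The enclosing action begins outside the hunk.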