sprinkle some to_s paranoia on params where it matters
parent
305789381c
commit
75570194ac
|
@ -7,7 +7,7 @@ class ApplicationController < ActionController::Base
|
||||||
|
|
||||||
def authenticate_user
|
def authenticate_user
|
||||||
if session[:u]
|
if session[:u]
|
||||||
@user = User.find_by_session_token(session[:u])
|
@user = User.find_by_session_token(session[:u].to_s)
|
||||||
end
|
end
|
||||||
|
|
||||||
true
|
true
|
||||||
|
|
|
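Review bot: When the lookup at `@user = User.find_by_session_token(session[:u].to_s)` finds nothing (a revoked or stale token), the stale value stays in `session[:u]` and the method still returns `true`, so every later request repeats the failed lookup. Consider dropping it once the lookup fails, e.g. `session.delete(:u) unless @user` right after the assignment, so a dead token is cleared rather than retried. The `.to_s` here guards against a non-string session value, which is less exposed than a request param but consistent with the rest of the commit. authenticate_user's closing `end` is outside the hunk.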
@ -17,7 +17,7 @@ class CommentsController < ApplicationController
|
||||||
comment.story_id = story.id
|
comment.story_id = story.id
|
||||||
comment.user_id = @user.id
|
comment.user_id = @user.id
|
||||||
|
|
||||||
if params[:parent_comment_short_id]
|
if params[:parent_comment_short_id].present?
|
||||||
if pc = Comment.find_by_story_id_and_short_id(story.id,
|
if pc = Comment.find_by_story_id_and_short_id(story.id,
|
||||||
params[:parent_comment_short_id])
|
params[:parent_comment_short_id])
|
||||||
comment.parent_comment_id = pc.id
|
comment.parent_comment_id = pc.id
|
||||||
|
|
|
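Review bot: The new `.present?` guard on `params[:parent_comment_short_id]` does not stringify it, so the value handed to `Comment.find_by_story_id_and_short_id(story.id, params[:parent_comment_short_id])` two lines later can still be an array or hash; `present?` is true for any non-empty collection. Since the rest of this commit adds `.to_s` before dynamic finders, this call site seems to want the same, `params[:parent_comment_short_id].to_s)`. The enclosing method starts and ends outside the hunk.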
@ -15,8 +15,9 @@ class LoginController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def login
|
def login
|
||||||
if (user = User.where("email = ? OR username = ?", params[:email],
|
if (user = User.where("email = ? OR username = ?", params[:email].to_s,
|
||||||
params[:email]).first) && user.try(:authenticate, params[:password])
|
params[:email].to_s).first) &&
|
||||||
|
user.try(:authenticate, params[:password].to_s)
|
||||||
session[:u] = user.session_token
|
session[:u] = user.session_token
|
||||||
return redirect_to "/"
|
return redirect_to "/"
|
||||||
end
|
end
|
||||||
|
@ -31,8 +32,8 @@ class LoginController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def reset_password
|
def reset_password
|
||||||
@found_user = User.where("email = ? OR username = ?", params[:email],
|
@found_user = User.where("email = ? OR username = ?", params[:email].to_s,
|
||||||
params[:email]).first
|
params[:email].to_s).first
|
||||||
|
|
||||||
if !@found_user
|
if !@found_user
|
||||||
flash.now[:error] = "Invalid e-mail address or username."
|
flash.now[:error] = "Invalid e-mail address or username."
|
||||||
|
@ -50,13 +51,13 @@ class LoginController < ApplicationController
|
||||||
@title = "Reset Password"
|
@title = "Reset Password"
|
||||||
|
|
||||||
if params[:token].blank? ||
|
if params[:token].blank? ||
|
||||||
!(@reset_user = User.find_by_password_reset_token(params[:token]))
|
!(@reset_user = User.find_by_password_reset_token(params[:token].to_s))
|
||||||
flash[:error] = "Invalid reset token. It may have already been " <<
|
flash[:error] = "Invalid reset token. It may have already been " <<
|
||||||
"used or you may have copied it incorrectly."
|
"used or you may have copied it incorrectly."
|
||||||
return redirect_to forgot_password_url
|
return redirect_to forgot_password_url
|
||||||
end
|
end
|
||||||
|
|
||||||
if !params[:password].blank?
|
if params[:password].present?
|
||||||
@reset_user.password = params[:password]
|
@reset_user.password = params[:password]
|
||||||
@reset_user.password_confirmation = params[:password_confirmation]
|
@reset_user.password_confirmation = params[:password_confirmation]
|
||||||
@reset_user.password_reset_token = nil
|
@reset_user.password_reset_token = nil
|
||||||
|
|
|
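Review bot: In the third hunk, `@reset_user.password = params[:password]` and `@reset_user.password_confirmation = params[:password_confirmation]` are the only param reads in this file left without `.to_s`, and `params[:password].present?` on the line above is true for a non-empty array or hash as well as a string. Unless the password setter is known to stringify its argument (not visible here), `params[:password].to_s` and `params[:password_confirmation].to_s` would keep the commit's invariant that only strings reach the models. The `.to_s` additions in the `login` and `reset_password` lookups read correctly, and `params[:token].blank?` is already checked before `find_by_password_reset_token(params[:token].to_s)`. reset_password's body continues outside the hunk.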
@ -96,7 +96,7 @@ class MessagesController < ApplicationController
|
||||||
|
|
||||||
private
|
private
|
||||||
def find_message
|
def find_message
|
||||||
if @message = Message.find_by_short_id(params[:message_id ] || params[:id])
|
if @message = Message.find_by_short_id(params[:message_id] || params[:id])
|
||||||
if (@message.author_user_id == @user.id ||
|
if (@message.author_user_id == @user.id ||
|
||||||
@message.recipient_user_id == @user.id)
|
@message.recipient_user_id == @user.id)
|
||||||
return true
|
return true
|
||||||
|
|
|
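Review bot: `Message.find_by_short_id(params[:message_id] || params[:id])` is left without the `.to_s` this commit adds to the other finders, and since find_message is the gate for every message action, a non-string value would reach the dynamic finder here. `Message.find_by_short_id((params[:message_id] || params[:id]).to_s)` would bring it in line with the other controllers. The ownership check below it (`author_user_id` or `recipient_user_id` equal to `@user.id`) reads correctly; what happens when `@message` is found but neither matches is outside the hunk, as is the end of find_message.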
@ -5,12 +5,12 @@ class SearchController < ApplicationController
|
||||||
|
|
||||||
@search = Search.new
|
@search = Search.new
|
||||||
|
|
||||||
if params[:q].present?
|
if params[:q].to_s.present?
|
||||||
@search.q = params[:q]
|
@search.q = params[:q].to_s
|
||||||
@search.what = params[:what]
|
@search.what = params[:what]
|
||||||
@search.order = params[:order]
|
@search.order = params[:order]
|
||||||
|
|
||||||
if params[:page]
|
if params[:page].present?
|
||||||
@search.page = params[:page].to_i
|
@search.page = params[:page].to_i
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
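Review bot: `@search.page = params[:page].to_i` will raise `NoMethodError` if `page` arrives as an array or hash, because the new `params[:page].present?` guard accepts any non-empty collection and `Array` has no `to_i`; `params[:page].to_s.to_i` avoids this and matches how `q` is handled a few lines up. `@search.what = params[:what]` and `@search.order = params[:order]` are likewise assigned raw while `q` gets `.to_s`; if `Search` uses `order` to build an ORDER BY or `what` to pick a table (not visible in this hunk), those values should be checked against an allow-list of accepted strings rather than only stringified. The enclosing method starts and ends outside the hunk.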
@ -14,7 +14,7 @@ class SignupController < ApplicationController
|
||||||
return redirect_to "/"
|
return redirect_to "/"
|
||||||
end
|
end
|
||||||
|
|
||||||
if !(@invitation = Invitation.find_by_code(params[:invitation_code]))
|
if !(@invitation = Invitation.find_by_code(params[:invitation_code].to_s))
|
||||||
flash[:error] = "Invalid or expired invitation"
|
flash[:error] = "Invalid or expired invitation"
|
||||||
return redirect_to "/signup"
|
return redirect_to "/signup"
|
||||||
end
|
end
|
||||||
|
@ -28,7 +28,7 @@ class SignupController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def signup
|
def signup
|
||||||
if !(@invitation = Invitation.find_by_code(params[:invitation_code]))
|
if !(@invitation = Invitation.find_by_code(params[:invitation_code].to_s))
|
||||||
flash[:error] = "Invalid or expired invitation."
|
flash[:error] = "Invalid or expired invitation."
|
||||||
return redirect_to "/signup"
|
return redirect_to "/signup"
|
||||||
end
|
end
|
||||||
|
|
|
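Review bot: The invitation lookup, flash and redirect are now duplicated in both hunks (`if !(@invitation = Invitation.find_by_code(params[:invitation_code].to_s))` followed by a flash and `return redirect_to "/signup"`), and the two flash messages already differ by a trailing period. A private method used as a before filter for both actions would keep the handling identical, and is also the natural place for a `params[:invitation_code].blank?` guard, since after `.to_s` a missing parameter now queries for `code = ''` instead of `code IS NULL`, which is only harmless as long as no invitation can carry an empty code. The first action's start and the rest of `signup` are outside the hunks.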
@ -83,10 +83,10 @@ class StoriesController < ApplicationController
|
||||||
|
|
||||||
@story = Story.new
|
@story = Story.new
|
||||||
|
|
||||||
if !params[:url].blank?
|
if params[:url].present?
|
||||||
@story.url = params[:url]
|
@story.url = params[:url]
|
||||||
|
|
||||||
if !params[:title].blank?
|
if params[:title].present?
|
||||||
@story.title = params[:title]
|
@story.title = params[:title]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
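Review bot: `@story.url = params[:url]` and `@story.title = params[:title]` are still assigned raw even though this commit's point is stringifying params, and the new `.present?` guards accept a non-empty array or hash just as they accept a string. `params[:url].to_s` and `params[:title].to_s` would keep non-string values out of the model here, consistent with the other controllers in this commit. The enclosing method starts and ends outside the hunk.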