Fix #3835: Related tags update vulnerability.

Also fixes deprecated call to `render :text`.

app/controllers/application_controller.rb

@@ -36,13 +36,6 @@ class ApplicationController < ActionController::Base
     response.headers["Access-Control-Allow-Origin"] = "*"
   end
 
-  def require_reportbooru_key
-    unless params[:key] == Danbooru.config.reportbooru_key
-      render(text: "forbidden", status: 403)
-      return false
-    end
-  end
-  
   def bad_db_connection
     respond_to do |format|
       format.json do

app/controllers/related_tags_controller.rb

@@ -19,4 +19,12 @@ class RelatedTagsController < ApplicationController
     @tag.save
     head :ok
   end
+
+  protected
+
+  def require_reportbooru_key
+    unless Danbooru.config.reportbooru_key.present? && params[:key] == Danbooru.config.reportbooru_key
+      raise User::PrivilegeError
+    end
+  end
 end