From 583520b97caf9a1777eaaeba2a98b00fd612666a Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Sat, 3 Feb 2018 16:37:38 -0600
Subject: [PATCH] pagination helpers: convert to strong params.

---
 app/helpers/pagination_helper.rb | 16 +++++++++++-----
 app/helpers/posts_helper.rb      | 14 ++++++++------
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/app/helpers/pagination_helper.rb b/app/helpers/pagination_helper.rb
index ed5ef1c72..0f5cd7ac2 100644
--- a/app/helpers/pagination_helper.rb
+++ b/app/helpers/pagination_helper.rb
@@ -4,11 +4,11 @@ module PaginationHelper
 
     if records.any?
       if params[:page] =~ /[ab]/ && !records.is_first_page?
-        html << '<li>' + link_to("< Previous", params.merge(:page => "a#{records[0].id}"), :rel => "prev") + '</li>'
+        html << '<li>' + link_to("< Previous", nav_params.merge(:page => "a#{records[0].id}"), :rel => "prev") + '</li>'
       end
 
       unless records.is_last_page?
-        html << '<li>' + link_to("Next >", params.merge(:page => "b#{records[-1].id}"), :rel => "next") + '</li>'
+        html << '<li>' + link_to("Next >", nav_params.merge(:page => "b#{records[-1].id}"), :rel => "next") + '</li>'
       end
     end
 
@@ -29,7 +29,7 @@ module PaginationHelper
     window = 4
 
     if records.current_page >= 2
-      html << "<li class='arrow'>" + link_to("<<", params.merge(:page => records.current_page - 1), :rel => "prev") + "</li>"
+      html << "<li class='arrow'>" + link_to("<<", nav_params.merge(:page => records.current_page - 1), :rel => "prev") + "</li>"
     else
       html << "<li class='arrow'><span>" + "&lt;&lt;" + "</span></li>"
     end
@@ -69,7 +69,7 @@ module PaginationHelper
     end
 
     if records.current_page < records.total_pages && records.size > 0
-      html << "<li class='arrow'>" + link_to(">>", params.merge(:page => records.current_page + 1), :rel => "next") + "</li>"
+      html << "<li class='arrow'>" + link_to(">>", nav_params.merge(:page => records.current_page + 1), :rel => "next") + "</li>"
     else
       html << "<li class='arrow'><span>" + "&gt;&gt;" + "</span></li>"
     end
@@ -100,9 +100,15 @@ module PaginationHelper
       html << "</li>"
     else
       html << "<li class='numbered-page'>"
-      html << link_to(page, params.merge(:page => page))
+      html << link_to(page, nav_params.merge(:page => page)) # XXX
       html << "</li>"
     end
     html.join.html_safe
   end
+
+  private
+
+  def nav_params
+    params.to_unsafe_h # XXX
+  end
 end
diff --git a/app/helpers/posts_helper.rb b/app/helpers/posts_helper.rb
index 64ce28c6c..07b058739 100644
--- a/app/helpers/posts_helper.rb
+++ b/app/helpers/posts_helper.rb
@@ -5,17 +5,13 @@ module PostsHelper
 
   def next_page_url
     current_page = (params[:page] || 1).to_i
-    dup_params = params.dup
-    dup_params[:page] = current_page + 1
-    url_for(dup_params).html_safe
+    url_for(nav_params.merge(page: current_page + 1)).html_safe
   end
 
   def prev_page_url
     current_page = (params[:page] || 1).to_i
     if current_page >= 2
-      dup_params = params.dup
-      dup_params[:page] = current_page - 1
-      url_for(dup_params).html_safe
+      url_for(nav_params.merge(page: current_page - 1)).html_safe
     else
       nil
     end
@@ -135,4 +131,10 @@ module PostsHelper
 
     html.html_safe
   end
+
+  private
+
+  def nav_params
+    params.to_unsafe_h # XXX
+  end
 end