jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Raise error on unpermitted params.

Browse Source 
Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs
This commit is contained in:
r888888888
2018-04-02 10:51:26 -07:00
committed by Albert Yi
parent 01eda51020
commit abce4d2551
362 changed files with 4796 additions and 4799 deletions
Download Patch File Download Diff File Expand all files Collapse all files

294
Gemfile.lock
View File

@@ -9,7 +9,7 @@ GIT
GIT
remote: https://github.com/r888888888/dtext_rb.git
revision: e343c4572e7a72666123984679e6cf90badd473d
revision: 47f238ec378be0933fcd7eccf1904fbd1f8d8613
specs:
dtext_rb (1.7.0)
nokogiri (~> 1.8)
@@ -24,76 +24,82 @@ GIT
GEM
remote: https://rubygems.org/
specs:
actionmailer (4.2.8)
actionpack (= 4.2.8)
actionview (= 4.2.8)
activejob (= 4.2.8)
actioncable (5.1.6)
actionpack (= 5.1.6)
nio4r (~> 2.0)
websocket-driver (~> 0.6.1)
actionmailer (5.1.6)
actionpack (= 5.1.6)
actionview (= 5.1.6)
activejob (= 5.1.6)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.8)
actionview (= 4.2.8)
activesupport (= 4.2.8)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-dom-testing (~> 2.0)
actionpack (5.1.6)
actionview (= 5.1.6)
activesupport (= 5.1.6)
rack (~> 2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (4.2.8)
activesupport (= 4.2.8)
actionview (5.1.6)
activesupport (= 5.1.6)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (4.2.8)
activesupport (= 4.2.8)
globalid (>= 0.3.0)
activemodel (4.2.8)
activesupport (= 4.2.8)
activejob (5.1.6)
activesupport (= 5.1.6)
globalid (>= 0.3.6)
activemodel (5.1.6)
activesupport (= 5.1.6)
activemodel-serializers-xml (1.0.2)
activemodel (> 5.x)
activesupport (> 5.x)
builder (~> 3.1)
activerecord (4.2.8)
activemodel (= 4.2.8)
activesupport (= 4.2.8)
arel (~> 6.0)
activesupport (4.2.8)
i18n (~> 0.7)
activerecord (5.1.6)
activemodel (= 5.1.6)
activesupport (= 5.1.6)
arel (~> 8.0)
activesupport (5.1.6)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
addressable (2.5.2)
public_suffix (>= 2.0.2, < 4.0)
arel (6.0.4)
airbrussh (1.3.0)
sshkit (>= 1.6.1, != 1.7.0)
arel (8.0.0)
awesome_print (1.8.0)
aws-sdk (2.10.122)
aws-sdk-resources (= 2.10.122)
aws-sdk-core (2.10.122)
aws-sdk (2.10.125)
aws-sdk-resources (= 2.10.125)
aws-sdk-core (2.10.125)
aws-sigv4 (~> 1.0)
jmespath (~> 1.0)
aws-sdk-resources (2.10.122)
aws-sdk-core (= 2.10.122)
aws-sdk-resources (2.10.125)
aws-sdk-core (= 2.10.125)
aws-sigv4 (1.0.2)
bcrypt (3.1.11)
bcrypt (3.1.11-x64-mingw32)
bcrypt-ruby (3.1.5)
bcrypt (>= 3.1.3)
bcrypt-ruby (3.1.5-x64-mingw32)
bcrypt (>= 3.1.3)
bootsnap (1.1.8)
msgpack (~> 1.0)
buftok (0.2.0)
builder (3.2.3)
byebug (9.1.0)
capistrano (3.4.0)
byebug (10.0.2)
capistrano (3.10.1)
airbrussh (>= 1.0.0)
i18n
rake (>= 10.0.0)
sshkit (~> 1.3)
capistrano-bundler (1.1.4)
sshkit (>= 1.9.0)
capistrano-bundler (1.3.0)
capistrano (~> 3.1)
sshkit (~> 1.2)
capistrano-deploytags (1.0.4)
capistrano (>= 3.2.0)
capistrano-rails (1.1.3)
capistrano-deploytags (1.0.7)
capistrano (>= 3.7.0)
capistrano-rails (1.3.1)
capistrano (~> 3.1)
capistrano-bundler (~> 1.1)
capistrano-rbenv (2.0.3)
capistrano-rbenv (2.1.3)
capistrano (~> 3.1)
sshkit (~> 1.3)
capistrano3-unicorn (0.2.1)
@@ -121,15 +127,17 @@ GEM
dotenv (= 2.2.1)
railties (>= 3.2, < 5.2)
equalizer (0.0.11)
erubis (2.7.0)
erubi (1.7.1)
execjs (2.7.0)
factory_girl (4.8.0)
factory_bot (4.8.2)
activesupport (>= 3.0.0)
faraday (0.10.1)
faraday (0.12.2)
multipart-post (>= 1.2, < 3)
ffaker (2.8.1)
ffi (1.9.18)
ffi (1.9.18-x64-mingw32)
ffi-win32-extensions (1.0.3)
ffi
foreman (0.63.0)
dotenv (>= 0.7)
thor (>= 0.13.6)
@@ -149,8 +157,8 @@ GEM
mime-types (>= 1.6)
representable (~> 2.3.0)
retriable (~> 2.0)
googleauth (0.5.1)
faraday (~> 0.9)
googleauth (0.5.3)
faraday (~> 0.12)
jwt (~> 1.4)
logging (~> 2.0)
memoist (~> 0.12)
@@ -159,32 +167,35 @@ GEM
signet (~> 0.7)
hashdiff (0.3.7)
highline (1.7.10)
hike (1.2.3)
http (2.2.2)
http (3.0.0)
addressable (~> 2.3)
http-cookie (~> 1.0)
http-form_data (~> 1.0.1)
http-form_data (>= 2.0.0.pre.pre2, < 3)
http_parser.rb (~> 0.6.0)
http-cookie (1.0.3)
domain_name (~> 0.5)
http-form_data (1.0.3)
http-form_data (2.0.0)
http_parser.rb (0.6.0)
httparty (0.15.6)
multi_xml (>= 0.5.2)
httpclient (2.8.3)
hurley (0.2)
i18n (0.9.1)
i18n (1.0.0)
concurrent-ruby (~> 1.0)
jmespath (1.3.1)
json (1.8.6)
json (2.1.0)
jwt (1.5.6)
kgio (2.11.1)
kgio (2.11.2)
libv8 (3.16.14.19)
listen (3.1.5)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
ruby_dep (~> 1.2)
little-plugger (1.1.4)
logging (2.2.2)
little-plugger (~> 1.1)
multi_json (~> 1.10)
loofah (2.1.1)
loofah (2.2.2)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.0)
@@ -205,10 +216,12 @@ GEM
thread_safe (~> 0.3, >= 0.3.1)
metaclass (0.0.4)
method_source (0.9.0)
mime-types (2.99.3)
mime-types (3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2016.0521)
mini_mime (1.0.0)
mini_portile2 (2.3.0)
minitest (5.11.1)
minitest (5.11.3)
mocha (1.3.0)
metaclass (~> 0.0.1)
msgpack (1.2.2)
@@ -224,13 +237,13 @@ GEM
net-sftp (2.1.2)
net-ssh (>= 2.6.5)
net-ssh (4.2.0)
netrc (0.11.0)
newrelic_rpm (4.7.1.340)
nokogiri (1.8.1)
newrelic_rpm (4.8.0.341)
nio4r (2.3.0)
nokogiri (1.8.2)
mini_portile2 (~> 2.3.0)
nokogiri (1.8.1-x64-mingw32)
nokogiri (1.8.2-x64-mingw32)
mini_portile2 (~> 2.3.0)
nokogumbo (1.4.13)
nokogumbo (1.5.0)
nokogiri
ntlm-http (0.1.1)
oauth2 (1.4.0)
@@ -242,50 +255,50 @@ GEM
os (0.9.6)
pg (0.21.0)
pg (0.21.0-x64-mingw32)
protected_attributes (1.1.4)
activemodel (>= 4.0.1, < 5.0)
pry (0.11.3)
coderay (~> 1.1.0)
method_source (~> 0.9.0)
pry-byebug (3.5.1)
byebug (~> 9.1)
pry-byebug (3.6.0)
byebug (~> 10.0)
pry (~> 0.10)
ptools (1.3.5)
ptools (1.3.5-universal-mingw32)
win32-file (>= 0.7.0)
public_suffix (3.0.1)
rack (1.6.8)
rack-test (0.6.3)
rack (>= 1.0)
rack (2.0.4)
rack-test (1.0.0)
rack (>= 1.0, < 3)
radix62 (1.0.1)
rails (4.2.8)
actionmailer (= 4.2.8)
actionpack (= 4.2.8)
actionview (= 4.2.8)
activejob (= 4.2.8)
activemodel (= 4.2.8)
activerecord (= 4.2.8)
activesupport (= 4.2.8)
bundler (>= 1.3.0, < 2.0)
railties (= 4.2.8)
sprockets-rails
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
rails-dom-testing (1.0.9)
activesupport (>= 4.2.0, < 5.0)
nokogiri (~> 1.6)
rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.0.3)
loofah (~> 2.0)
railties (4.2.8)
actionpack (= 4.2.8)
activesupport (= 4.2.8)
rails (5.1.6)
actioncable (= 5.1.6)
actionmailer (= 5.1.6)
actionpack (= 5.1.6)
actionview (= 5.1.6)
activejob (= 5.1.6)
activemodel (= 5.1.6)
activerecord (= 5.1.6)
activesupport (= 5.1.6)
bundler (>= 1.3.0)
railties (= 5.1.6)
sprockets-rails (>= 2.0.0)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.0.4)
loofah (~> 2.2, >= 2.2.2)
railties (5.1.6)
actionpack (= 5.1.6)
activesupport (= 5.1.6)
method_source
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
raindrops (0.19.0)
rake (12.3.0)
rake (12.3.1)
rakismet (1.5.4)
rb-fsevent (0.10.2)
rb-inotify (0.9.10)
ffi (>= 0.5.0, < 2)
recaptcha (4.6.3)
recaptcha (4.6.4)
json
ref (2.0.0)
representable (2.3.0)
@@ -293,25 +306,17 @@ GEM
responders (2.4.0)
actionpack (>= 4.2.0, < 5.3)
railties (>= 4.2.0, < 5.3)
rest-client (1.8.0)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 3.0)
netrc (~> 0.7)
rest-client (1.8.0-x64-mingw32)
ffi (~> 1.9)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 3.0)
netrc (~> 0.7)
retriable (2.1.0)
ruby-prof (0.17.0)
ruby-vips (2.0.9)
ffi (~> 1.9)
ruby_dep (1.5.0)
rubyzip (1.2.1)
safe_yaml (1.0.4)
sanitize (4.5.0)
sanitize (4.6.0)
crass (~> 1.0.2)
nokogiri (>= 1.4.4)
nokogumbo (~> 1.4.1)
nokogumbo (~> 1.4)
sass (3.5.5)
sass-listen (~> 4.0.0)
sass-listen (4.0.0)
@@ -340,52 +345,48 @@ GEM
json (>= 1.8, < 3)
simplecov-html (~> 0.10.0)
simplecov-html (0.10.2)
sprockets (2.12.4)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.3.3)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
sprockets (3.7.1)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.1)
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
sshkit (1.15.1)
net-scp (>= 1.1.2)
net-ssh (>= 2.8.0)
statistics2 (0.54)
streamio-ffmpeg (3.0.2)
multi_json (~> 1.8)
stripe (1.25.0)
json (~> 1.8.1)
rest-client (~> 1.4)
stripe (3.9.1)
faraday (~> 0.10)
term-ansicolor (1.6.0)
tins (~> 1.0)
test_after_commit (1.1.0)
activerecord (>= 3.2)
therubyracer (0.12.3)
libv8 (~> 3.16.14.15)
ref
thor (0.20.0)
thread_safe (0.3.6)
tilt (1.4.1)
tilt (2.0.8)
timecop (0.9.1)
tins (1.16.3)
twitter (6.0.0)
addressable (~> 2.5)
twitter (6.2.0)
addressable (~> 2.3)
buftok (~> 0.2.0)
equalizer (= 0.0.11)
faraday (~> 0.10.0)
http (~> 2.1)
equalizer (~> 0.0.11)
http (~> 3.0)
http-form_data (~> 2.0)
http_parser.rb (~> 0.6.0)
memoizable (~> 0.4.2)
naught (~> 1.1)
simple_oauth (~> 0.3.1)
tzinfo (1.2.4)
memoizable (~> 0.4.0)
multipart-post (~> 2.0)
naught (~> 1.0)
simple_oauth (~> 0.3.0)
tzinfo (1.2.5)
thread_safe (~> 0.1)
tzinfo-data (1.2017.3)
tzinfo-data (1.2018.3)
tzinfo (>= 1.0.0)
uber (0.0.15)
uglifier (4.1.3)
uglifier (4.1.5)
execjs (>= 0.3.0, < 3)
unf (0.1.4)
unf_ext
@@ -402,8 +403,18 @@ GEM
crack (>= 0.3.2)
hashdiff
webrobots (0.1.2)
websocket-driver (0.6.5)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.3)
whenever (0.10.0)
chronic (>= 0.6.3)
win32-file (0.8.1)
ffi
ffi-win32-extensions
win32-file-stat (>= 1.4.0)
win32-file-stat (1.5.5)
ffi
ffi-win32-extensions
win32console (1.3.2)
PLATFORMS
@@ -411,13 +422,14 @@ PLATFORMS
x64-mingw32
DEPENDENCIES
activemodel-serializers-xml
addressable
awesome_print
aws-sdk (~> 2)
bcrypt-ruby
bcrypt
bigquery!
bootsnap
capistrano (~> 3.4.0)
capistrano (~> 3.10)
capistrano-deploytags (~> 1.0.0)
capistrano-rails
capistrano-rbenv
@@ -430,12 +442,13 @@ DEPENDENCIES
diff-lcs
dotenv-rails
dtext_rb!
factory_girl
factory_bot
ffaker
foreman
google-api-client
highline
httparty
listen
mechanize
memcache-client
memcache_mock
@@ -444,11 +457,11 @@ DEPENDENCIES
net-sftp
newrelic_rpm
oauth2
pg (= 0.21.0)
protected_attributes
pg
pry-byebug
ptools
radix62 (~> 1.0.1)
rails (~> 4.2.0)
rails (~> 5.1)
rakismet
recaptcha
responders
@@ -467,7 +480,6 @@ DEPENDENCIES
streamio-ffmpeg
stripe
term-ansicolor
test_after_commit
therubyracer
timecop
twitter