Raise error on unpermitted params.

Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs

app/controllers/application_controller.rb

@@ -1,25 +1,26 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
   helper :pagination
-  before_filter :reset_current_user
-  before_filter :set_current_user
-  after_filter :reset_current_user
-  before_filter :set_title
-  before_filter :normalize_search
-  before_filter :set_started_at_session
-  before_filter :api_check
-  before_filter :set_safe_mode
-  # before_filter :secure_cookies_check
+  before_action :reset_current_user
+  before_action :set_current_user
+  after_action :reset_current_user
+  before_action :set_title
+  before_action :normalize_search
+  before_action :set_started_at_session
+  before_action :api_check
+  before_action :set_safe_mode
+  # before_action :secure_cookies_check
   layout "default"
   force_ssl :if => :ssl_login?
   helper_method :show_moderation_notice?
-  before_filter :enable_cors
+  before_action :enable_cors
 
   rescue_from Exception, :with => :rescue_exception
   rescue_from User::PrivilegeError, :with => :access_denied
   rescue_from SessionLoader::AuthenticationFailure, :with => :authentication_failed
   rescue_from Danbooru::Paginator::PaginationError, :with => :render_pagination_limit
   rescue_from PG::ConnectionBad, with: :bad_db_connection
+  rescue_from ActionController::UnpermittedParameters, :with => :access_denied
 
   # This is raised on requests to `/blah.js`. Rails has already rendered StaticController#not_found
   # here, so calling `rescue_exception` would cause a double render error.
@@ -93,6 +94,13 @@ class ApplicationController < ActionController::Base
   def rescue_exception(exception)
     @exception = exception
 
+    if Rails.env.test? && ENV["DEBUG"]
+      puts "---"
+      STDERR.puts("#{exception.class} exception thrown: #{exception.message}")
+      exception.backtrace.each {|x| STDERR.puts(x)}
+      puts "---"
+    end
+
     if exception.is_a?(::ActiveRecord::StatementInvalid) && exception.to_s =~ /statement timeout/
       if Rails.env.production?
         NewRelic::Agent.notice_error(exception, :uri => request.original_url, :referer => request.referer, :request_params => params, :custom_params => {:user_id => CurrentUser.user.id, :user_ip_addr => CurrentUser.ip_addr})
@@ -159,7 +167,7 @@ class ApplicationController < ActionController::Base
         render :json => {:success => false, :reason => "access denied"}.to_json, :status => 403
       end
       fmt.js do
-        render :nothing => true, :status => 403
+        render js: "", :status => 403
       end
     end
   end
@@ -212,6 +220,10 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def search_params
+    params.fetch(:search, {}).permit!
+  end
+
   def set_safe_mode
     CurrentUser.set_safe_mode(request)
   end