Raise error on unpermitted params.

Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs

app/controllers/users_controller.rb

@@ -1,6 +1,6 @@
 class UsersController < ApplicationController
   respond_to :html, :xml, :json
-  skip_before_filter :api_check
+  skip_before_action :api_check
 
   def new
     @user = User.new
@@ -22,7 +22,7 @@ class UsersController < ApplicationController
         redirect_to user_path(@user)
       end
     else
-      @users = User.search(params[:search]).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
+      @users = User.search(search_params).paginate(params[:page], :limit => params[:limit], :search_count => params[:search])
       respond_with(@users) do |format|
         format.xml do
           render :xml => @users.to_xml(:root => "users")
@@ -41,8 +41,7 @@ class UsersController < ApplicationController
   end
 
   def create
-    @user = User.new(params[:user], :as => CurrentUser.role)
-    @user.last_ip_addr = request.remote_ip
+    @user = User.new(user_params(:create))
     if !Danbooru.config.enable_recaptcha? || verify_recaptcha(model: @user)
       @user.save
       if @user.errors.empty?
@@ -61,7 +60,7 @@ class UsersController < ApplicationController
   def update
     @user = User.find(params[:id])
     check_privilege(@user)
-    @user.update_attributes(params[:user].except(:name), :as => CurrentUser.role)
+    @user.update(user_params(:update))
     cookies.delete(:favorite_tags)
     cookies.delete(:favorite_tags_with_categories)
     if @user.errors.any?
@@ -75,12 +74,34 @@ class UsersController < ApplicationController
   def cache
     @user = User.find(params[:id])
     @user.update_cache
-    render :nothing => true
+    render plain: ""
   end
 
-private
+  private
 
   def check_privilege(user)
     raise User::PrivilegeError unless (user.id == CurrentUser.id || CurrentUser.is_admin?)
   end
+
+  def user_params(context)
+    permitted_params = %i[
+      password old_password password_confirmation email
+      comment_threshold default_image_size favorite_tags blacklisted_tags
+      time_zone per_page custom_style
+
+      receive_email_notifications always_resize_images enable_post_navigation
+      new_post_navigation_layout enable_privacy_mode
+      enable_sequential_post_navigation hide_deleted_posts style_usernames
+      enable_auto_complete show_deleted_children
+      disable_categorized_saved_searches disable_tagged_filenames
+      enable_recent_searches disable_cropped_thumbnails disable_mobile_gestures
+      enable_safe_mode disable_responsive_mode
+    ]
+
+    permitted_params += [dmail_filter_attributes: %i[id words]]
+    permitted_params << :name if context == :create
+    permitted_params << :level if CurrentUser.is_admin?
+
+    params.require(:user).permit(permitted_params)
+  end
 end