Raise error on unpermitted params.

Fail loudly if we forget to whitelist a param instead of silently
ignoring it.

misc models: convert to strong params.

artist commentaries: convert to strong params.

* Disallow changing or setting post_id to a nonexistent post.

artists: convert to strong params.

* Disallow setting `is_banned` in create/update actions. Changing it
  this way instead of with the ban/unban actions would leave the artist in
  a partially banned state.

bans: convert to strong params.

* Disallow changing the user_id after the ban has been created.

comments: convert to strong params.

favorite groups: convert to strong params.

news updates: convert to strong params.

post appeals: convert to strong params.

post flags: convert to strong params.

* Disallow users from setting the `is_deleted` / `is_resolved` flags.

ip bans: convert to strong params.

user feedbacks: convert to strong params.

* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.

notes: convert to strong params.

wiki pages: convert to strong params.

* Also fix non-Builders being able to delete wiki pages.

saved searches: convert to strong params.

pools: convert to strong params.

* Disallow setting `post_count` or `is_deleted` in create/update actions.

janitor trials: convert to strong params.

post disapprovals: convert to strong params.

* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
  of Approve button.

dmail filters: convert to strong params.

password resets: convert to strong params.

user name change requests: convert to strong params.

posts: convert to strong params.

users: convert to strong params.

* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
  has_mail, and dmail_filter_attributes[user_id].

* Remove initialize_default_image_size (dead code).

uploads: convert to strong params.

* Remove `initialize_status` because status already defaults to pending
  in the database.

tag aliases/implications: convert to strong params.

tags: convert to strong params.

forum posts: convert to strong params.

* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).

forum topics: convert to strong params.

* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references

Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>

add diffs

test/unit/saved_search_test.rb

@@ -3,7 +3,7 @@ require 'test_helper'
 class SavedSearchTest < ActiveSupport::TestCase
   def setup
     super
-    @user = FactoryGirl.create(:user)
+    @user = FactoryBot.create(:user)
     CurrentUser.user = @user
     CurrentUser.ip_addr = "127.0.0.1"
     mock_saved_search_service!
@@ -17,8 +17,8 @@ class SavedSearchTest < ActiveSupport::TestCase
 
   context ".labels_for" do
     setup do
-      FactoryGirl.create(:saved_search, user: @user, label_string: "blah", query: "blah")
-      FactoryGirl.create(:saved_search, user: @user, label_string: "zah", query: "blah")
+      FactoryBot.create(:saved_search, user: @user, label_string: "blah", query: "blah")
+      FactoryBot.create(:saved_search, user: @user, label_string: "zah", query: "blah")
     end
 
     should "fetch the labels used by a user" do
@@ -27,16 +27,16 @@ class SavedSearchTest < ActiveSupport::TestCase
 
     should "expire when a search is updated" do
       Cache.expects(:delete).once
-      FactoryGirl.create(:saved_search, user: @user, query: "blah")
+      FactoryBot.create(:saved_search, user: @user, query: "blah")
     end
   end
 
   context ".queries_for" do
     setup do
-      FactoryGirl.create(:tag_alias, antecedent_name: "bbb", consequent_name: "ccc", creator: @user)
-      FactoryGirl.create(:saved_search, user: @user, label_string: "blah", query: "aaa")
-      FactoryGirl.create(:saved_search, user: @user, label_string: "zah", query: "CCC BBB AAA")
-      FactoryGirl.create(:saved_search, user: @user, label_string: "qux", query: " aaa  bbb  ccc ")
+      FactoryBot.create(:tag_alias, antecedent_name: "bbb", consequent_name: "ccc", creator: @user)
+      FactoryBot.create(:saved_search, user: @user, label_string: "blah", query: "aaa")
+      FactoryBot.create(:saved_search, user: @user, label_string: "zah", query: "CCC BBB AAA")
+      FactoryBot.create(:saved_search, user: @user, label_string: "qux", query: " aaa  bbb  ccc ")
     end
 
     should "fetch the queries used by a user for a label" do
@@ -87,7 +87,7 @@ class SavedSearchTest < ActiveSupport::TestCase
 
   context "Creating a saved search" do
     setup do
-      FactoryGirl.create(:tag_alias, antecedent_name: "zzz", consequent_name: "yyy", creator: @user)
+      FactoryBot.create(:tag_alias, antecedent_name: "zzz", consequent_name: "yyy", creator: @user)
       @saved_search = @user.saved_searches.create(:query => " ZZZ xxx ")
     end
 
@@ -111,7 +111,7 @@ class SavedSearchTest < ActiveSupport::TestCase
 
   context "Destroying a saved search" do
     setup do
-      @saved_search = @user.saved_searches.create(:tag_query => "xxx")
+      @saved_search = @user.saved_searches.create(query: "xxx")
       @saved_search.destroy
     end
 
@@ -123,7 +123,7 @@ class SavedSearchTest < ActiveSupport::TestCase
 
   context "A user with max saved searches" do
     setup do
-      @user = FactoryGirl.create(:gold_user)
+      @user = FactoryBot.create(:gold_user)
       CurrentUser.user = @user
       User.any_instance.stubs(:max_saved_searches).returns(0)
       @saved_search = @user.saved_searches.create(:query => "xxx")