From c01e03b1930eb2f2241391a30cc6318e850dd50d Mon Sep 17 00:00:00 2001 From: evazion Date: Wed, 19 Oct 2016 19:16:42 -0500 Subject: [PATCH] Validate post ratings. Prevent ratings from being set to invalid values via the API: PUT /posts/1.json?post[rating]=Z --- app/models/post.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/models/post.rb b/app/models/post.rb index cc3734a79..8faaa91a7 100644 --- a/app/models/post.rb +++ b/app/models/post.rb @@ -45,6 +45,7 @@ class Post < ActiveRecord::Base has_many :disapprovals, :class_name => "PostDisapproval", :dependent => :destroy has_many :favorites, :dependent => :destroy validates_uniqueness_of :md5 + validates_inclusion_of :rating, in: %w(s q e), message: "rating must be s, q, or e" validate :post_is_not_its_own_parent attr_accessible :source, :rating, :tag_string, :old_tag_string, :old_parent_id, :old_source, :old_rating, :parent_id, :has_embedded_notes, :as => [:member, :builder, :gold, :platinum, :janitor, :moderator, :admin, :default] attr_accessible :is_rating_locked, :is_note_locked, :as => [:builder, :janitor, :moderator, :admin]