Fail loudly if we forget to whitelist a param instead of silently
ignoring it.
misc models: convert to strong params.
artist commentaries: convert to strong params.
* Disallow changing or setting post_id to a nonexistent post.
artists: convert to strong params.
* Disallow setting `is_banned` in create/update actions. Changing it
this way instead of with the ban/unban actions would leave the artist in
a partially banned state.
bans: convert to strong params.
* Disallow changing the user_id after the ban has been created.
comments: convert to strong params.
favorite groups: convert to strong params.
news updates: convert to strong params.
post appeals: convert to strong params.
post flags: convert to strong params.
* Disallow users from setting the `is_deleted` / `is_resolved` flags.
ip bans: convert to strong params.
user feedbacks: convert to strong params.
* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.
notes: convert to strong params.
wiki pages: convert to strong params.
* Also fix non-Builders being able to delete wiki pages.
saved searches: convert to strong params.
pools: convert to strong params.
* Disallow setting `post_count` or `is_deleted` in create/update actions.
janitor trials: convert to strong params.
post disapprovals: convert to strong params.
* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
of Approve button.
dmail filters: convert to strong params.
password resets: convert to strong params.
user name change requests: convert to strong params.
posts: convert to strong params.
users: convert to strong params.
* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
has_mail, and dmail_filter_attributes[user_id].
* Remove initialize_default_image_size (dead code).
uploads: convert to strong params.
* Remove `initialize_status` because status already defaults to pending
in the database.
tag aliases/implications: convert to strong params.
tags: convert to strong params.
forum posts: convert to strong params.
* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).
forum topics: convert to strong params.
* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references
Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>
add diffs
* Use `Danbooru.Autocomplete.render_item` for all menu item rendering.
Fixes usernames not being colorized when completing mentions, and post
counts not being shown when completing pools on the /pools page.
* Make the /pools page autocomplete pool names the same way that the
pool:<name> metatag does. Previously autocomplete on the /pools page
listed most recently updated pools first; now it lists largest pools first.
* Move all autocomplete code to autocomplete.js.
* Mark autocompleted fields with `data-autocomplete="<type>"` attributes,
instead of hardcoding input field IDs in the javascript.
* Disable autoFocus. This means that the first item in the autocomplete
menu isn't automatically selected.
* Add Tab keybinding, to make the Tab key work as normal with autoFocus disabled.
* Fix the Enter key to 1) insert the selected tag when inside the
autocomplete menu, and 2) submit the search as normal when not inside
the autocomplete menu.
-Otherwise, the last valid autocomplete result will remain
--Causes incorrect results on Tab/Enter completion
-This clears the autocomplete results instead
Previously we patched the jqueryui-autocomplete library in order to
customize how the Tab and Enter keys behaved. Specifically, we wanted to
prevent the Tab key from moving the focus out of the tag input box, and
we wanted to prevent the Enter key from submitting the page when editing tags.
These things can achieved without patching the library by using
`event.preventDefault` and `event.stopImmediatePropagation` to prevent
other event handlers from running after these keys trigger the
`autocompleteselect` event.
Fix bug in the double submit prevention from #2789. Rather than
unbinding the enter key on submit, have the enter key click the submit
button instead. This avoids form submission when the submit button is disabled.
- Add parent metatag defaults any and none
- Add missing user-based metatags to user source
- Remove all negative metatags since the prior code strips the '-'
On the uploads page, trigger `Fetch source data` automatically when the
user pastes an URL into the source field. Silently ignore invalid URLs
so that we don't trigger spurious errors when the user types in a source
manually.
