* Warn when renaming a wiki that still has links from other wikis.
* When renaming a wiki that still has posts, just show a warning instead
of returning an error and making the user confirm the rename.
Bug: links like these returned 404s:
* https://danbooru.donmai.us/wiki_pages/...
* https://danbooru.donmai.us/wiki_pages/.hack//
* https://danbooru.donmai.us/wiki_pages/ssss.gridman
Cause: by default, Rails uses dots in route segments to separate the id
from the format. For example, in /wiki_pages/ssss.gridman, the id is
parsed as "ssss" and the format is "gridman" (as if "gridman" were a
format like "json" or "xml").
We work around this by specifying the regex for the id param manually.
The trick here is to use a non-greedy match-all combined with a positive
lookahead to detect the extension but not include it in the match.
* Redirect the show_or_new action to either the show page or the new
page. Don't use show_or_new to render nonexistent wikis; do that in the
regular show action instead.
* Make the show action return 404 for nonexistent wikis.
Change wiki page search to redirect to exact matches only when using the
quick search bar. Fixes searches sometimes unexpectedly redirecting when
doing a regular (non-quick) search that happens to return a single result.
Also remove the logic that tries to expand the search when no results
are found. This will eventually be replaced with a smarter "did you mean?"
search.
* Move forum post vote tests from test/controllers to test/functional.
* Fix forum post vote tests to work with new routes.
* Fix obsolete wiki page tests dealing with updater_id.
Fail loudly if we forget to whitelist a param instead of silently
ignoring it.
misc models: convert to strong params.
artist commentaries: convert to strong params.
* Disallow changing or setting post_id to a nonexistent post.
artists: convert to strong params.
* Disallow setting `is_banned` in create/update actions. Changing it
this way instead of with the ban/unban actions would leave the artist in
a partially banned state.
bans: convert to strong params.
* Disallow changing the user_id after the ban has been created.
comments: convert to strong params.
favorite groups: convert to strong params.
news updates: convert to strong params.
post appeals: convert to strong params.
post flags: convert to strong params.
* Disallow users from setting the `is_deleted` / `is_resolved` flags.
ip bans: convert to strong params.
user feedbacks: convert to strong params.
* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.
notes: convert to strong params.
wiki pages: convert to strong params.
* Also fix non-Builders being able to delete wiki pages.
saved searches: convert to strong params.
pools: convert to strong params.
* Disallow setting `post_count` or `is_deleted` in create/update actions.
janitor trials: convert to strong params.
post disapprovals: convert to strong params.
* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
of Approve button.
dmail filters: convert to strong params.
password resets: convert to strong params.
user name change requests: convert to strong params.
posts: convert to strong params.
users: convert to strong params.
* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
has_mail, and dmail_filter_attributes[user_id].
* Remove initialize_default_image_size (dead code).
uploads: convert to strong params.
* Remove `initialize_status` because status already defaults to pending
in the database.
tag aliases/implications: convert to strong params.
tags: convert to strong params.
forum posts: convert to strong params.
* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).
forum topics: convert to strong params.
* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references
Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>
add diffs
/wiki_pages?search[order]=post_count didn't include wiki pages that
didn't belong to a tag. This was due to doing an inner join on the tags
table instead of a left outer join.
