jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
d9dc84325f3651205cdf7b129de061d03ab9a2a0
danbooru/app/models/ip_ban.rb
evazion d9dc84325f Fix #5365: Don't allow whitespace-only text submission. 
Fix bug where it was possible to submit blank text in various text fields.

Caused by `String#blank?` not considering certain Unicode characters as blank. `blank?` is defined
as `match?(/\A[[:space:]]*\z/)`, where `[[:space:]]` matches ASCII spaces (space, tab, newline, etc)
and Unicode characters in the Space category ([1]). However, there are other space-like characters
not in the Space category. This includes U+200B (Zero-Width Space), and many more.

It turns out the "Default ignorable code points" [2][3] are what we're after. These are the set of 400
or so formatting and control characters that are invisible when displayed.

Note that there are other control characters that aren't invisible when rendered, instead they're
shown with a placeholder glyph. These include the ASCII C0 and C1 control codes [4], certain Unicode
control characters [5], and unassigned, reserved, and private use codepoints.

There is one outlier: the Braille pattern blank (U+2800) [6]. This character is visually blank, but is
not considered to be a space or an ignorable code point.

[1]: https://codepoints.net/search?gc[]=Z
[2]: https://codepoints.net/search?DI=1
[3]: https://www.unicode.org/review/pr-5.html
[4]: https://codepoints.net/search?gc[]=Cc
[5]: https://codepoints.net/search?gc[]=Cf
[6]: https://codepoints.net/U+2800
[7]: https://en.wikipedia.org/wiki/Whitespace_character
[8]: https://character.construction/blanks
[9]: https://invisible-characters.com
2022-12-05 01:58:34 -06:00

87 lines
2.6 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
class IpBan < ApplicationRecord
attribute :ip_addr, :ip_address
belongs_to :creator, class_name: "User"
has_many :mod_actions, as: :subject, dependent: :destroy
validate :validate_ip_addr
validates :reason, visible_string: true
after_save :create_mod_action
deletable
enum category: {
full: 0,
partial: 100,
}, _suffix: "ban"
def self.visible(user)
if user.is_moderator?
all
else
none
end
end
def self.ip_matches(ip_addr)
where("ip_addr >>= ?", ip_addr.to_s)
end
def self.hit!(category, ip_addr)
ip_ban = active.where(category: category).ip_matches(ip_addr).first
return false unless ip_ban
IpBan.increment_counter(:hit_count, ip_ban.id, touch: [:last_hit_at])
true
end
def self.search(params, current_user)
q = search_attributes(params, [:id, :created_at, :updated_at, :ip_addr, :reason, :is_deleted, :category, :hit_count, :last_hit_at, :creator], current_user: current_user)
case params[:order]
when /\A(created_at|updated_at|last_hit_at)(?:_(asc|desc))?\z/i
column = $1
dir = $2 || :desc
q = q.order(Arel.sql("#{column} #{dir} NULLS LAST")).order(id: :desc)
else
q = q.apply_default_order(params)
end
q
end
def create_mod_action
if previously_new_record?
ModAction.log("created ip ban for #{ip_addr}", :ip_ban_create, subject: self, user: creator)
elsif is_deleted? == true && is_deleted_before_last_save == false
ModAction.log("deleted ip ban for #{ip_addr}", :ip_ban_delete, subject: self, user: CurrentUser.user)
elsif is_deleted? == false && is_deleted_before_last_save == true
ModAction.log("undeleted ip ban for #{ip_addr}", :ip_ban_undelete, subject: self, user: CurrentUser.user)
end
end
def validate_ip_addr
if ip_addr.blank?
errors.add(:ip_addr, "is invalid")
elsif ip_addr.is_local?
errors.add(:ip_addr, "must be a public address")
elsif full_ban? && ip_addr.ipv4? && ip_addr.prefix < 24
errors.add(:ip_addr, "may not have a subnet bigger than /24")
elsif partial_ban? && ip_addr.ipv4? && ip_addr.prefix < 8
errors.add(:ip_addr, "may not have a subnet bigger than /8")
elsif full_ban? && ip_addr.ipv6? && ip_addr.prefix < 48
errors.add(:ip_addr, "may not have a subnet bigger than /48")
elsif partial_ban? && ip_addr.ipv6? && ip_addr.prefix < 20
errors.add(:ip_addr, "may not have a subnet bigger than /20")
elsif new_record? && IpBan.active.where(category: category).ip_matches(ip_addr).exists?
errors.add(:ip_addr, "is already banned")
end
end
def self.available_includes
[:creator]
end
end
Reference in New Issue View Git Blame Copy Permalink