Fix ActionController::Parameters in API issue

This commit is contained in:
Eugen Rochko 2017-04-04 01:33:34 +02:00
parent f722bd2387
commit 4c53af64f0
6 changed files with 39 additions and 13 deletions

View File

@ -4,6 +4,12 @@ class Api::V1::AppsController < ApiController
respond_to :json respond_to :json
def create def create
@app = Doorkeeper::Application.create!(name: params[:client_name], redirect_uri: params[:redirect_uris], scopes: (params[:scopes] || Doorkeeper.configuration.default_scopes), website: params[:website]) @app = Doorkeeper::Application.create!(name: app_params[:client_name], redirect_uri: app_params[:redirect_uris], scopes: (app_params[:scopes] || Doorkeeper.configuration.default_scopes), website: app_params[:website])
end
private
def app_params
params.permit(:client_name, :redirect_uris, :scopes, :website)
end end
end end

View File

@ -7,7 +7,7 @@ class Api::V1::FollowsController < ApiController
respond_to :json respond_to :json
def create def create
raise ActiveRecord::RecordNotFound if params[:uri].blank? raise ActiveRecord::RecordNotFound if follow_params[:uri].blank?
@account = FollowService.new.call(current_user.account, target_uri).try(:target_account) @account = FollowService.new.call(current_user.account, target_uri).try(:target_account)
render action: :show render action: :show
@ -16,6 +16,10 @@ class Api::V1::FollowsController < ApiController
private private
def target_uri def target_uri
params[:uri].strip.gsub(/\A@/, '') follow_params[:uri].strip.gsub(/\A@/, '')
end
def follow_params
params.permit(:uri)
end end
end end

View File

@ -10,10 +10,16 @@ class Api::V1::MediaController < ApiController
respond_to :json respond_to :json
def create def create
@media = MediaAttachment.create!(account: current_user.account, file: params[:file]) @media = MediaAttachment.create!(account: current_user.account, file: media_params[:file])
rescue Paperclip::Errors::NotIdentifiedByImageMagickError rescue Paperclip::Errors::NotIdentifiedByImageMagickError
render json: { error: 'File type of uploaded media could not be verified' }, status: 422 render json: { error: 'File type of uploaded media could not be verified' }, status: 422
rescue Paperclip::Error rescue Paperclip::Error
render json: { error: 'Error processing thumbnail for uploaded media' }, status: 500 render json: { error: 'Error processing thumbnail for uploaded media' }, status: 500
end end
private
def media_params
params.permit(:file)
end
end end

View File

@ -12,13 +12,19 @@ class Api::V1::ReportsController < ApiController
end end
def create def create
status_ids = params[:status_ids].is_a?(Enumerable) ? params[:status_ids] : [params[:status_ids]] status_ids = report_params[:status_ids].is_a?(Enumerable) ? report_params[:status_ids] : [report_params[:status_ids]]
@report = Report.create!(account: current_account, @report = Report.create!(account: current_account,
target_account: Account.find(params[:account_id]), target_account: Account.find(report_params[:account_id]),
status_ids: Status.find(status_ids).pluck(:id), status_ids: Status.find(status_ids).pluck(:id),
comment: params[:comment]) comment: report_params[:comment])
render :show render :show
end end
private
def report_params
params.permit(:account_id, :comment, status_ids: [])
end
end end

View File

@ -62,10 +62,10 @@ class Api::V1::StatusesController < ApiController
end end
def create def create
@status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids], @status = PostStatusService.new.call(current_user.account, status_params[:status], status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id]), media_ids: status_params[:media_ids],
sensitive: params[:sensitive], sensitive: status_params[:sensitive],
spoiler_text: params[:spoiler_text], spoiler_text: status_params[:spoiler_text],
visibility: params[:visibility], visibility: status_params[:visibility],
application: doorkeeper_token.application) application: doorkeeper_token.application)
render action: :show render action: :show
end end
@ -111,4 +111,8 @@ class Api::V1::StatusesController < ApiController
@status = Status.find(params[:id]) @status = Status.find(params[:id])
raise ActiveRecord::RecordNotFound unless @status.permitted?(current_account) raise ActiveRecord::RecordNotFound unless @status.permitted?(current_account)
end end
def status_params
params.permit(:status, :in_reply_to_id, :sensitive, :spoiler_text, :visibility, media_ids: [])
end
end end

View File

@ -188,7 +188,7 @@ class Status < ApplicationRecord
end end
before_validation do before_validation do
text.strip! text&.strip!
spoiler_text&.strip! spoiler_text&.strip!
self.reply = !(in_reply_to_id.nil? && thread.nil?) unless reply self.reply = !(in_reply_to_id.nil? && thread.nil?) unless reply