Correcting some security warnings

echarp 2018-09-30 19:02:49 +02:00
parent 2cd11098f4
commit a372b962ab
6 changed files with 9 additions and 10 deletions


@ -4,11 +4,11 @@ class EventsController < ApplicationController
has_scope :region, :locality, :tag, :daylimit, :year has_scope :region, :locality, :tag, :daylimit, :year
has_scope :near, type: :hash, using: %i[location distance] has_scope :near, type: :hash, using: %i[location distance]
before_action :set_events, only: [:index] before_action :set_events, only: :index
before_action :set_event, except: %i[index new preview_create create] before_action :set_event, except: %i[index new preview_create create]
before_action :set_create_event, only: %i[new preview_create create] before_action :set_create_event, only: %i[new preview_create create]
before_action :check_secret, only: %i[edit preview update destroy] before_action :check_secret, only: %i[edit preview update destroy]
before_action :set_mailer_host before_action :set_mailer_host, only: %i[create update destroy]
rescue_from ActiveRecord::StaleObjectError, with: :locked rescue_from ActiveRecord::StaleObjectError, with: :locked
def index def index
@ -88,9 +88,7 @@ class EventsController < ApplicationController
# Use callbacks to share common setup or constraints between actions # Use callbacks to share common setup or constraints between actions
def set_event def set_event
@event = Event.moderated @event = Event.find params[:id]
@event = Event.where secret: params[:secret] if params[:secret].present?
@event = @event.find params[:id]
end end
def set_create_event def set_create_event
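Review bot: The new `set_event` body (`@event = Event.find params[:id]`) drops the `Event.moderated` scope and the secret-keyed lookup, so every action that runs this callback (per the context line, everything except index/new/preview_create/create, which includes show) now resolves any event by id regardless of moderation state or secret. `check_secret` still runs for edit/preview/update/destroy, but nothing visible in this hunk protects show, so unmoderated events appear to become readable by anyone who guesses an id; I cannot see the `moderated` scope or `check_secret`, so please confirm whether moderation is enforced elsewhere. If it is not, keep the scoped lookup while still going through `find`: `scope = params[:secret].present? ? Event.where(secret: params[:secret]) : Event.moderated` followed by `@event = scope.find params[:id]`. The narrowing of `set_mailer_host` to create/update/destroy looks fine as long as no other action sends mail. The class body continues outside the hunk.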


@ -55,7 +55,7 @@
%p %p
%em.fa.fa-external-link-alt %em.fa.fa-external-link-alt
%span.label= Event.human_attribute_name :url %span.label= Event.human_attribute_name :url
= link_to @event.url, sanitize(@event.url) = link_to @event.url, @event.url.html_safe
- if @event.contact.present? - if @event.contact.present?
%p %p
%em.fa.fa-envelope %em.fa.fa-envelope
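Review bot: Replacing `sanitize(@event.url)` with `@event.url.html_safe` in the `link_to` href does not fix the underlying risk and, as far as I can tell, makes it worse: a string marked html_safe is passed through without attribute escaping, so quotes or other markup stored in the url field would land in the `href` attribute verbatim, and neither call restricts the URL scheme, so a `javascript:` value is still emitted as a clickable link. The safer shape is to pass the plain string, `= link_to @event.url, @event.url`, and enforce an http/https scheme with a model validation on `url` (outside this diff), which also silences the scanner for the right reason rather than by marking the value safe. The same change is made for `@orga.url` in the Orga show view in this commit and the same comment applies there.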


@ -31,8 +31,8 @@
= f.label :city = f.label :city
= f.text_field :city, list: :cities = f.text_field :city, list: :cities
%datalist#cities %datalist#cities
- Event.group(:city).order('count(city) desc').pluck(:city).each do |city| - Event.group(:city).order('1 desc').count.each do |r|
%option= city %option= r[0]
.field.department .field.department
= f.label :department = f.label :department
= f.text_field :department = f.text_field :department
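Review bot: The new datalist loop indexes each yielded pair positionally (`r[0]`), which hides that `count` returns city => count pairs; destructuring the block parameters reads better and documents the shape: `- Event.group(:city).order('1 desc').count.each do |city, _count|` with `%option= city`. The `order('1 desc')` ordinal refers to whatever column Rails puts first in the generated SELECT for a grouped count, which is not visible here and is easy to break silently if the query changes, so a short comment such as `-# ordinal 1 is the count column in the grouped COUNT query` would help the next reader; ordering by the generated count alias would be more explicit if the Rails version in use supports it.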


@ -39,7 +39,7 @@
%dt.url %dt.url
%em.fa.fa-external-link-alt %em.fa.fa-external-link-alt
= Orga.human_attribute_name :url = Orga.human_attribute_name :url
%dd= link_to @orga.url, sanitize(@orga.url) %dd= link_to @orga.url, @orga.url.html_safe
- if @orga.diaspora.present? - if @orga.diaspora.present?
%dt.diaspora< %dt.diaspora<
= Orga.human_attribute_name :diaspora = Orga.human_attribute_name :diaspora


@ -47,5 +47,7 @@ module AgendaDuLibreRails
# time being # time being
# TODO # TODO
config.action_controller.per_form_csrf_tokens = false config.action_controller.per_form_csrf_tokens = false
config.active_record.sqlite3.represent_boolean_as_integer = true
end end
end end
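Review bot: The added `config.active_record.sqlite3.represent_boolean_as_integer = true` line is unrelated to the security warnings this commit is about, and bundling it here makes the security change harder to audit; it would be clearer as its own commit with its own message. While in this hunk, the only security-relevant setting, `per_form_csrf_tokens = false` with a bare `# TODO`, is left as is; the comment should at least state why per-form tokens are disabled and what has to change before they can be turned on, e.g. `# TODO: re-enable per-form CSRF tokens once <reason they break> is resolved`. The enclosing `Application` class starts outside the hunk.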


@ -1 +0,0 @@
PaperTrail.config.track_associations = false