Create invalid_char validators and apply to models

J Guthrie 2018-11-04 18:28:27 +00:00
parent 64816e50b5
commit c2f23fea6a
25 changed files with 91 additions and 60 deletions


@ -3,8 +3,8 @@
# Table name: changeset_comments # Table name: changeset_comments
# #
# id :integer not null, primary key # id :integer not null, primary key
# changeset_id :integer not null # changeset_id :bigint(8) not null
# author_id :integer not null # author_id :bigint(8) not null
# body :text not null # body :text not null
# created_at :datetime not null # created_at :datetime not null
# visible :boolean not null # visible :boolean not null
@ -28,7 +28,7 @@ class ChangesetComment < ActiveRecord::Base
validates :changeset, :presence => true, :associated => true validates :changeset, :presence => true, :associated => true
validates :author, :presence => true, :associated => true validates :author, :presence => true, :associated => true
validates :visible, :inclusion => [true, false] validates :visible, :inclusion => [true, false]
validates :body, :format => /\A[^\x00-\x08\x0b-\x0c\x0e-\x1f\x7f\ufffe\uffff]*\z/ validates :body, :invalid_chars => true
# Return the comment text # Return the comment text
def body def body


@ -2,7 +2,7 @@
# #
# Table name: changeset_tags # Table name: changeset_tags
# #
# changeset_id :integer not null, primary key # changeset_id :bigint(8) not null, primary key
# k :string default(""), not null, primary key # k :string default(""), not null, primary key
# v :string default(""), not null # v :string default(""), not null
# #
@ -21,6 +21,6 @@ class ChangesetTag < ActiveRecord::Base
belongs_to :changeset belongs_to :changeset
validates :changeset, :presence => true, :associated => true validates :changeset, :presence => true, :associated => true
validates :k, :v, :allow_blank => true, :length => { :maximum => 255 } validates :k, :v, :allow_blank => true, :length => { :maximum => 255 }, :invalid_chars => true
validates :k, :uniqueness => { :scope => :changeset_id } validates :k, :uniqueness => { :scope => :changeset_id }
end end
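Review bot: Adding `:invalid_chars => true` to the same `validates` call as `:allow_blank => true` means the new check is skipped for blank values, because `:allow_blank` is a shared option that applies to every validator in the call. Rails' `blank?` treats a string made up only of whitespace as blank, and that whitespace class includes `\x0b` and `\x0c`, both of which are in the validator's rejected set, so a key or value consisting solely of those characters would, as far as I can tell, bypass the check. Putting it on its own line, `validates :k, :v, :invalid_chars => true`, avoids that. The same pattern appears in the NodeTag, OldNodeTag, OldRelationTag, OldWayTag, RelationTag and WayTag sections.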


@ -2,9 +2,9 @@
# #
# Table name: diary_comments # Table name: diary_comments
# #
# id :integer not null, primary key # id :bigint(8) not null, primary key
# diary_entry_id :integer not null # diary_entry_id :bigint(8) not null
# user_id :integer not null # user_id :bigint(8) not null
# body :text not null # body :text not null
# created_at :datetime not null # created_at :datetime not null
# updated_at :datetime not null # updated_at :datetime not null
@ -28,7 +28,7 @@ class DiaryComment < ActiveRecord::Base
scope :visible, -> { where(:visible => true) } scope :visible, -> { where(:visible => true) }
validates :body, :presence => true validates :body, :presence => true, :invalid_chars => true
validates :diary_entry, :user, :associated => true validates :diary_entry, :user, :associated => true
after_save :spam_check after_save :spam_check


@ -2,8 +2,8 @@
# #
# Table name: diary_entries # Table name: diary_entries
# #
# id :integer not null, primary key # id :bigint(8) not null, primary key
# user_id :integer not null # user_id :bigint(8) not null
# title :string not null # title :string not null
# body :text not null # body :text not null
# created_at :datetime not null # created_at :datetime not null
@ -37,7 +37,7 @@ class DiaryEntry < ActiveRecord::Base
scope :visible, -> { where(:visible => true) } scope :visible, -> { where(:visible => true) }
validates :title, :body, :presence => true validates :title, :body, :presence => true, :invalid_chars => true
validates :title, :length => 1..255 validates :title, :length => 1..255
validates :latitude, :allow_nil => true, validates :latitude, :allow_nil => true,
:numericality => { :greater_than_or_equal_to => -90, :numericality => { :greater_than_or_equal_to => -90,


@ -24,7 +24,7 @@ class IssueComment < ActiveRecord::Base
belongs_to :issue belongs_to :issue
belongs_to :user belongs_to :user
validates :body, :presence => true validates :body, :presence => true, :invalid_chars => true
validates :user, :presence => true validates :user, :presence => true
validates :issue, :presence => true validates :issue, :presence => true
end end


@ -2,13 +2,13 @@
# #
# Table name: messages # Table name: messages
# #
# id :integer not null, primary key # id :bigint(8) not null, primary key
# from_user_id :integer not null # from_user_id :bigint(8) not null
# title :string not null # title :string not null
# body :text not null # body :text not null
# sent_on :datetime not null # sent_on :datetime not null
# message_read :boolean default(FALSE), not null # message_read :boolean default(FALSE), not null
# to_user_id :integer not null # to_user_id :bigint(8) not null
# to_user_visible :boolean default(TRUE), not null # to_user_visible :boolean default(TRUE), not null
# from_user_visible :boolean default(TRUE), not null # from_user_visible :boolean default(TRUE), not null
# body_format :enum default("markdown"), not null # body_format :enum default("markdown"), not null
@ -32,6 +32,7 @@ class Message < ActiveRecord::Base
validates :title, :presence => true, :utf8 => true, :length => 1..255 validates :title, :presence => true, :utf8 => true, :length => 1..255
validates :body, :sent_on, :sender, :recipient, :presence => true validates :body, :sent_on, :sender, :recipient, :presence => true
validates :title, :body, :invalid_chars => true
def self.from_mail(mail, from, to) def self.from_mail(mail, from, to)
if mail.multipart? if mail.multipart?


@ -2,7 +2,7 @@
# #
# Table name: current_node_tags # Table name: current_node_tags
# #
# node_id :integer not null, primary key # node_id :bigint(8) not null, primary key
# k :string default(""), not null, primary key # k :string default(""), not null, primary key
# v :string default(""), not null # v :string default(""), not null
# #
@ -18,6 +18,6 @@ class NodeTag < ActiveRecord::Base
belongs_to :node belongs_to :node
validates :node, :presence => true, :associated => true validates :node, :presence => true, :associated => true
validates :k, :v, :allow_blank => true, :length => { :maximum => 255 } validates :k, :v, :allow_blank => true, :length => { :maximum => 255 }, :invalid_chars => true
validates :k, :uniqueness => { :scope => :node_id } validates :k, :uniqueness => { :scope => :node_id }
end end


@ -34,7 +34,7 @@ class NoteComment < ActiveRecord::Base
validates :author, :associated => true validates :author, :associated => true
validates :event, :inclusion => %w[opened closed reopened commented hidden] validates :event, :inclusion => %w[opened closed reopened commented hidden]
validates :body, :length => { :maximum => 2000 }, validates :body, :length => { :maximum => 2000 },
:format => /\A[^\x00-\x08\x0b-\x0c\x0e-\x1f\x7f\ufffe\uffff]*\z/ :invalid_chars => true
# Return the comment text # Return the comment text
def body def body


@ -2,8 +2,8 @@
# #
# Table name: node_tags # Table name: node_tags
# #
# node_id :integer not null, primary key # node_id :bigint(8) not null, primary key
# version :integer not null, primary key # version :bigint(8) not null, primary key
# k :string default(""), not null, primary key # k :string default(""), not null, primary key
# v :string default(""), not null # v :string default(""), not null
# #
@ -19,6 +19,6 @@ class OldNodeTag < ActiveRecord::Base
belongs_to :old_node, :foreign_key => [:node_id, :version] belongs_to :old_node, :foreign_key => [:node_id, :version]
validates :old_node, :presence => true, :associated => true validates :old_node, :presence => true, :associated => true
validates :k, :v, :allow_blank => true, :length => { :maximum => 255 } validates :k, :v, :allow_blank => true, :length => { :maximum => 255 }, :invalid_chars => true
validates :k, :uniqueness => { :scope => [:node_id, :version] } validates :k, :uniqueness => { :scope => [:node_id, :version] }
end end


@ -2,10 +2,10 @@
# #
# Table name: relation_tags # Table name: relation_tags
# #
# relation_id :integer default(0), not null, primary key # relation_id :bigint(8) default(0), not null, primary key
# k :string default(""), not null, primary key # k :string default(""), not null, primary key
# v :string default(""), not null # v :string default(""), not null
# version :integer not null, primary key # version :bigint(8) not null, primary key
# #
# Foreign Keys # Foreign Keys
# #
@ -19,6 +19,6 @@ class OldRelationTag < ActiveRecord::Base
belongs_to :old_relation, :foreign_key => [:relation_id, :version] belongs_to :old_relation, :foreign_key => [:relation_id, :version]
validates :old_relation, :presence => true, :associated => true validates :old_relation, :presence => true, :associated => true
validates :k, :v, :allow_blank => true, :length => { :maximum => 255 } validates :k, :v, :allow_blank => true, :length => { :maximum => 255 }, :invalid_chars => true
validates :k, :uniqueness => { :scope => [:relation_id, :version] } validates :k, :uniqueness => { :scope => [:relation_id, :version] }
end end


@ -2,10 +2,10 @@
# #
# Table name: way_tags # Table name: way_tags
# #
# way_id :integer default(0), not null, primary key # way_id :bigint(8) default(0), not null, primary key
# k :string not null, primary key # k :string not null, primary key
# v :string not null # v :string not null
# version :integer not null, primary key # version :bigint(8) not null, primary key
# #
# Foreign Keys # Foreign Keys
# #
@ -19,6 +19,6 @@ class OldWayTag < ActiveRecord::Base
belongs_to :old_way, :foreign_key => [:way_id, :version] belongs_to :old_way, :foreign_key => [:way_id, :version]
validates :old_way, :presence => true, :associated => true validates :old_way, :presence => true, :associated => true
validates :k, :v, :allow_blank => true, :length => { :maximum => 255 } validates :k, :v, :allow_blank => true, :length => { :maximum => 255 }, :invalid_chars => true
validates :k, :uniqueness => { :scope => [:way_id, :version] } validates :k, :uniqueness => { :scope => [:way_id, :version] }
end end


@ -7,7 +7,7 @@
# description :text # description :text
# created_at :datetime # created_at :datetime
# updated_at :datetime # updated_at :datetime
# user_id :integer not null # user_id :bigint(8) not null
# description_format :enum default("markdown"), not null # description_format :enum default("markdown"), not null
# #
# Foreign Keys # Foreign Keys
@ -31,6 +31,7 @@ class Redaction < ActiveRecord::Base
has_many :old_ways has_many :old_ways
has_many :old_relations has_many :old_relations
validates :title, :description, :invalid_chars => true
validates :description, :presence => true validates :description, :presence => true
validates :description_format, :inclusion => { :in => %w[text html markdown] } validates :description_format, :inclusion => { :in => %w[text html markdown] }


@ -2,7 +2,7 @@
# #
# Table name: current_relation_tags # Table name: current_relation_tags
# #
# relation_id :integer not null, primary key # relation_id :bigint(8) not null, primary key
# k :string default(""), not null, primary key # k :string default(""), not null, primary key
# v :string default(""), not null # v :string default(""), not null
# #
@ -18,6 +18,6 @@ class RelationTag < ActiveRecord::Base
belongs_to :relation belongs_to :relation
validates :relation, :presence => true, :associated => true validates :relation, :presence => true, :associated => true
validates :k, :v, :allow_blank => true, :length => { :maximum => 255 } validates :k, :v, :allow_blank => true, :length => { :maximum => 255 }, :invalid_chars => true
validates :k, :uniqueness => { :scope => :relation_id } validates :k, :uniqueness => { :scope => :relation_id }
end end


@ -27,7 +27,7 @@ class Report < ActiveRecord::Base
validates :issue, :presence => true validates :issue, :presence => true
validates :user, :presence => true validates :user, :presence => true
validates :details, :presence => true validates :details, :presence => true, :invalid_chars => true
validates :category, :presence => true validates :category, :presence => true
def self.categories_for(reportable) def self.categories_for(reportable)


@ -2,17 +2,18 @@
# #
# Table name: gpx_files # Table name: gpx_files
# #
# id :integer not null, primary key # id :bigint(8) not null, primary key
# user_id :integer not null # user_id :bigint(8) not null
# visible :boolean default(TRUE), not null # visible :boolean default(TRUE), not null
# name :string default(""), not null # name :string default(""), not null
# size :integer # size :bigint(8)
# latitude :float # latitude :float
# longitude :float # longitude :float
# timestamp :datetime not null # timestamp :datetime not null
# description :string default(""), not null # description :string default(""), not null
# inserted :boolean not null # inserted :boolean not null
# visibility :enum default("public"), not null # visibility :enum default("public"), not null
# length :bigint(8)
# #
# Indexes # Indexes
# #
@ -39,6 +40,7 @@ class Trace < ActiveRecord::Base
validates :user, :presence => true, :associated => true validates :user, :presence => true, :associated => true
validates :name, :presence => true, :length => 1..255 validates :name, :presence => true, :length => 1..255
validates :name, :description, :invalid_chars => true
validates :description, :presence => { :on => :create }, :length => 1..255 validates :description, :presence => { :on => :create }, :length => 1..255
validates :timestamp, :presence => true validates :timestamp, :presence => true
validates :visibility, :inclusion => %w[private public trackable identifiable] validates :visibility, :inclusion => %w[private public trackable identifiable]


@ -2,9 +2,9 @@
# #
# Table name: gpx_file_tags # Table name: gpx_file_tags
# #
# gpx_id :integer default(0), not null # gpx_id :bigint(8) default(0), not null
# tag :string not null # tag :string not null
# id :integer not null, primary key # id :bigint(8) not null, primary key
# #
# Indexes # Indexes
# #
@ -22,5 +22,5 @@ class Tracetag < ActiveRecord::Base
belongs_to :trace, :foreign_key => "gpx_id" belongs_to :trace, :foreign_key => "gpx_id"
validates :trace, :associated => true validates :trace, :associated => true
validates :tag, :length => 1..255, :format => %r{\A[^/;.,?]*\z} validates :tag, :length => 1..255, :format => %r{\A[^/;.,?]*\z}, :invalid_chars => true
end end


@ -88,23 +88,16 @@ class User < ActiveRecord::Base
:default_url => "/assets/:class/:attachment/:style.png", :default_url => "/assets/:class/:attachment/:style.png",
:styles => { :large => "100x100>", :small => "50x50>" } :styles => { :large => "100x100>", :small => "50x50>" }
INVALID_ASCII_CHARS = "/;.,?%#".freeze
INVALID_NON_ASCII_CHARS = "\x00-\x08\x0b-\x0c\x0e-\x1f\x7f\ufffe\uffff".freeze
validates :display_name, :presence => true, :allow_nil => true, :length => 3..255, validates :display_name, :presence => true, :allow_nil => true, :length => 3..255,
:exclusion => %w[new terms save confirm confirm-email go_public reset-password forgot-password suspended] :exclusion => %w[new terms save confirm confirm-email go_public reset-password forgot-password suspended]
validates :display_name, :if => proc { |u| u.display_name_changed? }, validates :display_name, :if => proc { |u| u.display_name_changed? },
:uniqueness => { :case_sensitive => false } :uniqueness => { :case_sensitive => false }
validates :display_name, :if => proc { |u| u.display_name_changed? }, validates :display_name, :if => proc { |u| u.display_name_changed? },
:format => { :with => /\A[^#{INVALID_NON_ASCII_CHARS}]*\z/ } :invalid_chars => true,
validates :display_name, :if => proc { |u| u.display_name_changed? }, :invalid_url_chars => true,
:format => { :with => /\A[^#{INVALID_ASCII_CHARS}]*\z/, :leading_whitespace => true,
:message => I18n.t("users.account.invalid chars", :invalid_chars => INVALID_ASCII_CHARS) } :trailing_whitespace => true
validates :display_name, :if => proc { |u| u.display_name_changed? }, validates :email, :presence => true, :confirmation => true, :invalid_chars => true
:format => { :with => /\A\S/, :message => I18n.t("users.account.leading whitespace") }
validates :display_name, :if => proc { |u| u.display_name_changed? },
:format => { :with => /\S\z/, :message => I18n.t("users.account.trailing whitespace") }
validates :email, :presence => true, :confirmation => true
validates :email, :if => proc { |u| u.email_changed? }, validates :email, :if => proc { |u| u.email_changed? },
:uniqueness => { :case_sensitive => false } :uniqueness => { :case_sensitive => false }
validates :pass_crypt, :confirmation => true, :length => 8..255 validates :pass_crypt, :confirmation => true, :length => 8..255
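Review bot: The `:invalid_chars => true` added to `validates :email` still accepts tab, line feed and carriage return, because the validator's rejected range skips `\x09`, `\x0a` and `\x0d`. That suits multi-line bodies but not a single-line field such as an address that may later end up in a mail header; no other format check on `email` is visible in this hunk, though one may exist elsewhere in the class. If none does, a stricter check for `email` would be worth adding (and arguably for `display_name`, where only leading and trailing whitespace are rejected), or at least a comment such as `# invalid_chars permits \t, \n and \r; email format is checked by <validator>`. The class body continues outside the hunk.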


@ -3,12 +3,12 @@
# Table name: user_blocks # Table name: user_blocks
# #
# id :integer not null, primary key # id :integer not null, primary key
# user_id :integer not null # user_id :bigint(8) not null
# creator_id :integer not null # creator_id :bigint(8) not null
# reason :text not null # reason :text not null
# ends_at :datetime not null # ends_at :datetime not null
# needs_view :boolean default(FALSE), not null # needs_view :boolean default(FALSE), not null
# revoker_id :integer # revoker_id :bigint(8)
# created_at :datetime # created_at :datetime
# updated_at :datetime # updated_at :datetime
# reason_format :enum default("markdown"), not null # reason_format :enum default("markdown"), not null
@ -26,6 +26,7 @@
class UserBlock < ActiveRecord::Base class UserBlock < ActiveRecord::Base
validate :moderator_permissions validate :moderator_permissions
validates :reason, :invalid_chars => true
belongs_to :user, :class_name => "User", :foreign_key => :user_id belongs_to :user, :class_name => "User", :foreign_key => :user_id
belongs_to :creator, :class_name => "User", :foreign_key => :creator_id belongs_to :creator, :class_name => "User", :foreign_key => :creator_id


@ -2,7 +2,7 @@
# #
# Table name: user_preferences # Table name: user_preferences
# #
# user_id :integer not null, primary key # user_id :bigint(8) not null, primary key
# k :string not null, primary key # k :string not null, primary key
# v :string not null # v :string not null
# #
@ -17,7 +17,7 @@ class UserPreference < ActiveRecord::Base
belongs_to :user belongs_to :user
validates :user, :presence => true, :associated => true validates :user, :presence => true, :associated => true
validates :k, :v, :length => 1..255 validates :k, :v, :length => 1..255, :invalid_chars => true
# Turn this Node in to an XML Node without the <osm> wrapper. # Turn this Node in to an XML Node without the <osm> wrapper.
def to_xml_node def to_xml_node


@ -2,7 +2,7 @@
# #
# Table name: current_way_tags # Table name: current_way_tags
# #
# way_id :integer not null, primary key # way_id :bigint(8) not null, primary key
# k :string default(""), not null, primary key # k :string default(""), not null, primary key
# v :string default(""), not null # v :string default(""), not null
# #
@ -18,6 +18,6 @@ class WayTag < ActiveRecord::Base
belongs_to :way belongs_to :way
validates :way, :presence => true, :associated => true validates :way, :presence => true, :associated => true
validates :k, :v, :allow_blank => true, :length => { :maximum => 255 } validates :k, :v, :allow_blank => true, :length => { :maximum => 255 }, :invalid_chars => true
validates :k, :uniqueness => { :scope => :way_id } validates :k, :uniqueness => { :scope => :way_id }
end end


@ -0,0 +1,9 @@
class InvalidCharsValidator < ActiveModel::EachValidator
INVALID_CHARS = "\x00-\x08\x0b-\x0c\x0e-\x1f\x7f\ufffe\uffff".freeze
def validate_each(record, attribute, value)
if value =~ /[#{INVALID_CHARS}]/
record.errors[attribute] << (options[:message] || "contains invalid chars")
end
end
end
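Review bot: The default message in `validate_each` is the hard-coded English string `"contains invalid chars"`, while the three sibling validators added in this commit look theirs up with `I18n.t`. ChangesetComment and NoteComment previously used `:format`, which reports Rails' standard translatable message, so non-English users now get an untranslated error on those fields. A dedicated key under `validations:` would fix it; the existing `validations.invalid chars` key interpolates the character list, which is unsuitable for control characters. Separately, `/[#{INVALID_CHARS}]/` is rebuilt on every call where a Regexp constant would do, and `record.errors.add(attribute, ...)` is the more conventional way to record the error.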


@ -0,0 +1,9 @@
class InvalidUrlCharsValidator < ActiveModel::EachValidator
INVALID_URL_CHARS = "/;.,?%#".freeze
def validate_each(record, attribute, value)
if value =~ /[#{INVALID_URL_CHARS}]/
record.errors[attribute] << (options[:message] || I18n.t("validations.invalid chars", :invalid_chars => INVALID_URL_CHARS))
end
end
end
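Review bot: `/[#{INVALID_URL_CHARS}]/` interpolates a plain string into a character class without escaping, so adding `]`, `^`, `-` or `\` to the constant later would silently change what the pattern matches. The same string is also shown to the user in the error message, so the two uses have different escaping needs. Building the pattern once from the escaped string, `INVALID_URL_CHARS_REGEXP = /[#{Regexp.escape(INVALID_URL_CHARS)}]/`, keeps the display string and the matcher in step and avoids recompiling the regex on every validation. A one-line comment saying why these characters are banned would also help the next reader.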


@ -0,0 +1,7 @@
class LeadingWhitespaceValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value)
if value =~ /\A\s/
record.errors[attribute] << (options[:message] || I18n.t("validations.leading whitespace"))
end
end
end
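Review bot: `/\A\s/` only catches ASCII whitespace, because Ruby's `\s` is limited to space, tab, newline, carriage return, form feed and vertical tab. A display name that begins with a no-break space or another Unicode space therefore passes, which leaves room for names that render identically to an existing one. `if value =~ /\A[[:space:]]/` covers Unicode whitespace as well, and the same applies to `/\s\z/` in TrailingWhitespaceValidator. The `\S`-based checks this replaces had the same limitation, so it is pre-existing rather than introduced here.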


@ -0,0 +1,7 @@
class TrailingWhitespaceValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value)
if value =~ /\s\z/
record.errors[attribute] << (options[:message] || I18n.t("validations.trailing whitespace"))
end
end
end


@ -2134,9 +2134,6 @@ en:
return to profile: Return to profile return to profile: Return to profile
flash update success confirm needed: "User information updated successfully. Check your email for a note to confirm your new email address." flash update success confirm needed: "User information updated successfully. Check your email for a note to confirm your new email address."
flash update success: "User information updated successfully." flash update success: "User information updated successfully."
leading whitespace: "has leading whitespace"
trailing whitespace: "has trailing whitespace"
invalid chars: "cannot contain invalid chars: %{invalid_chars}"
confirm: confirm:
heading: Check your email! heading: Check your email!
introduction_1: | introduction_1: |
@ -2565,3 +2562,7 @@ en:
not_empty: "Redaction is not empty. Please un-redact all versions belonging to this redaction before destroying it." not_empty: "Redaction is not empty. Please un-redact all versions belonging to this redaction before destroying it."
flash: "Redaction destroyed." flash: "Redaction destroyed."
error: "There was an error destroying this redaction." error: "There was an error destroying this redaction."
validations:
leading whitespace: "has leading whitespace"
trailing whitespace: "has trailing whitespace"
invalid chars: "must not contain an invalid char: %{invalid_chars}"