Commit cffc52de543acfeff44ef81f09233dd560a2e7ca

Authored by Braulio Bhavamitra
1 parent 0346bd58

rails4: fix regexp security error

The ActiveModel error:
The provided regular expression is using multiline anchors (^ or $),
which may present a security risk. Did you mean to use \A and \z,
or forgot to add the :multiline => true option? (ArgumentError)
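--- a/app/models/create_enterprise.rb
+++ b/app/models/create_enterprise.rb
@@ -16,13 +16,13 @@ class CreateEnterprise < Task
 settings_items field.to_sym
 end
 
-# checks for virtual attributes
+# checks for virtual attributes
 validates_presence_of :name, :identifier
 
 #checks if the validation method is region to validates
 validates_presence_of :region_id, :if => lambda { |obj| obj.environment.organization_approval_method == :region }
 
-validates_format_of :foundation_year, :with => /^\d*$/
+validates_format_of :foundation_year, :with => /\d*/
 
 # checks for actual attributes
 validates_presence_of :requestor_id, :target_id
@@ -127,7 +127,7 @@ class CreateEnterprise < Task
 finish
 end
 
-# tells if this request was appoved
+# tells if this request was appoved
 def approved?
 self.status == Task::Status::FINISHED
 end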
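Review bot: Dropping the anchors from the foundation_year validator on line 25 makes `/\d*/` match every string, including the empty one, so the format check no longer rejects anything; the Rails 4 error quoted in the description is asking for string anchors, not for none. Use `validates_format_of :foundation_year, :with => /\A\d*\z/` to keep the original whole-string check (including the empty value the old `^\d*$` accepted) without the multiline-anchor hole, and prefer `\z` over `\Z` so a trailing newline is rejected too. The same anchoring fix applies to the other validators in this commit. The class body and the methods around both hunks continue outside the diff.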
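--- a/app/models/domain.rb
+++ b/app/models/domain.rb
@@ -14,7 +14,7 @@ class Domain < ActiveRecord::Base
 
 # <tt>name</tt> must be sequences of alphanumeric characters (a to z,
 # 0 to 9), plus '_' or '-', separated by dots. Letters must be lowercase.
-validates_format_of :name, :with => /^([a-z0-9_-]+\.)+[a-z0-9_-]+$/, :message => N_('{fn} must be composed of sequences of lowercase letters (a to z), numbers (0 to 9), "_" and "-", separated by dots.').fix_i18n
+validates_format_of :name, :with => /([a-z0-9_-]+\.)+[a-z0-9_-]+/, :message => N_('{fn} must be composed of sequences of lowercase letters (a to z), numbers (0 to 9), "_" and "-", separated by dots.').fix_i18n
 
 # checks validations that could not be expressed using Rails' predefined
 # validations. In particular: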
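Review bot: The unanchored `/([a-z0-9_-]+\.)+[a-z0-9_-]+/` on line 17 accepts any name that merely contains something like `a.b`, so uppercase letters, spaces, slashes or a newline around that fragment now pass, while the comment above still promises whole-string lowercase sequences separated by dots. Keep the whole-string check with `/\A([a-z0-9_-]+\.)+[a-z0-9_-]+\z/`; that is what the ArgumentError suggests, and it is stricter than the old `^...$`, which already let a second line through. If Domain#name is later compared against request hosts (not visible here), exactness matters even more. The class body continues outside this hunk.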
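--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -182,7 +182,7 @@ class Profile < ActiveRecord::Base
 validates_length_of :description, :maximum => 550, :allow_nil => true
 
 # Valid identifiers must match this format.
-IDENTIFIER_FORMAT = /^#{Noosfero.identifier_format}$/
+IDENTIFIER_FORMAT = /#{Noosfero.identifier_format}/
 
 # These names cannot be used as identifiers for Profiles
 RESERVED_IDENTIFIERS = %w[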
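Review bot: `IDENTIFIER_FORMAT = /#{Noosfero.identifier_format}/` on line 185 is now a substring match, so any identifier that contains one valid fragment is accepted, and whatever reserved-name or URL handling relies on this constant meaning "the whole identifier" (not visible here) presumably weakens with it. Anchor the whole string with `IDENTIFIER_FORMAT = /\A#{Noosfero.identifier_format}\z/`, which is the replacement the quoted error asks for and also closes the multi-line gap the old `^...$` had. This assumes Noosfero.identifier_format carries no anchors of its own; check where it is defined. The class body continues outside this hunk.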
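--- a/app/models/rss_feed.rb
+++ b/app/models/rss_feed.rb
@@ -14,7 +14,7 @@ class RssFeed < Article
 
 # store setting in body
 serialize :body, Hash
-
+
 def body
 self[:body] ||= {}
 end
@@ -40,7 +40,7 @@ class RssFeed < Article
 
 # FIXME this should be validates_numericality_of, but Rails 2.0.2 does not
 # support validates_numericality_of with virtual attributes
-validates_format_of :limit, :with => /^\d+$/, :if => :limit
+validates_format_of :limit, :with => /\d+/, :if => :limit
 
 # determinates what to include in the feed. Possible values are +:all+
 # (include everything from the profile) and :parent_and_children (include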
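Review bot: `/\d+/` on line 43 lets non-numeric input through as long as it contains a single digit, e.g. `10 items` or `5\nfoo`, because without anchors validates_format_of only needs a match somewhere in the value. The multiline-anchor error is asking for `\A`/`\z`, so keep the whole-string check: `validates_format_of :limit, :with => /\A\d+\z/, :if => :limit`. Since the commit targets Rails 4, the FIXME above may also be resolvable now with `validates_numericality_of :limit, :only_integer => true, :allow_nil => true`, though I cannot see how limit is read, so that is worth confirming rather than assuming. The class body continues outside this hunk.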