Commit cffc52de543acfeff44ef81f09233dd560a2e7ca
rails4: fix regexp security error
The ActiveModel error: The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option? (ArgumentError)
Showing
4 changed files
with
7 additions
and
7 deletions
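--- a/app/models/create_enterprise.rb
+++ b/app/models/create_enterprise.rb
@@ -16,13 +16,13 @@ class CreateEnterprise < Task
 settings_items field.to_sym
 end
 
-# checks for virtual attributes
+# checks for virtual attributes
 validates_presence_of :name, :identifier
 
 #checks if the validation method is region to validates
 validates_presence_of :region_id, :if => lambda { |obj| obj.environment.organization_approval_method == :region }
 
-validates_format_of :foundation_year, :with => /^\d*$/
+validates_format_of :foundation_year, :with => /\d*/
 
 # checks for actual attributes
 validates_presence_of :requestor_id, :target_id
@@ -127,7 +127,7 @@ class CreateEnterprise < Task
 finish
 end
 
-# tells if this request was appoved
+# tells if this request was appoved
 def approved?
 self.status == Task::Status::FINISHED
 end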
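Review bot: Dropping the anchors from the foundation_year pattern instead of replacing them makes the validation vacuous: `/\d*/` matches the empty string at offset 0 of any value, so `validates_format_of :foundation_year` now accepts `"abc"` or `"1999; whatever"` without complaint. The ArgumentError quoted in the commit message is Rails 4 refusing `^`/`$` because they match per line; the intended fix is to anchor to the whole string, `validates_format_of :foundation_year, :with => /\A\d*\z/`. That keeps the old acceptance of an empty year (the original `/^\d*$/` allowed it too), so nothing else changes. The second hunk in this file is a whitespace-only change to the `approved?` comment and needs no review.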
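--- a/app/models/domain.rb
+++ b/app/models/domain.rb
@@ -14,7 +14,7 @@ class Domain < ActiveRecord::Base
 
 # <tt>name</tt> must be sequences of alphanumeric characters (a to z,
 # 0 to 9), plus '_' or '-', separated by dots. Letters must be lowercase.
-validates_format_of :name, :with => /^([a-z0-9_-]+\.)+[a-z0-9_-]+$/, :message => N_('{fn} must be composed of sequences of lowercase letters (a to z), numbers (0 to 9), "_" and "-", separated by dots.').fix_i18n
+validates_format_of :name, :with => /([a-z0-9_-]+\.)+[a-z0-9_-]+/, :message => N_('{fn} must be composed of sequences of lowercase letters (a to z), numbers (0 to 9), "_" and "-", separated by dots.').fix_i18n
 
 # checks validations that could not be expressed using Rails' predefined
 # validations. In particular: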
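Review bot: The unanchored `/([a-z0-9_-]+\.)+[a-z0-9_-]+/` only requires a well-formed substring to appear somewhere, so a name like `"Evil.COM ok.example"` or `"a.b/../x"` now passes a validation whose own comment and error message promise lowercase, dot-separated labels and nothing else. Rails 4 raised the ArgumentError precisely because `^`/`$` match at line boundaries and therefore never enforced a whole-string check; the replacement is `\A`/`\z`, not no anchor: `:with => /\A([a-z0-9_-]+\.)+[a-z0-9_-]+\z/`. How `Domain#name` is consumed afterwards (host matching, URL construction) is outside this hunk, so the downstream impact is inferred, but the weakening of the validation itself is visible here.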
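--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -182,7 +182,7 @@ class Profile < ActiveRecord::Base
 validates_length_of :description, :maximum => 550, :allow_nil => true
 
 # Valid identifiers must match this format.
-IDENTIFIER_FORMAT = /^#{Noosfero.identifier_format}$/
+IDENTIFIER_FORMAT = /#{Noosfero.identifier_format}/
 
 # These names cannot be used as identifiers for Profiles
 RESERVED_IDENTIFIERS = %w[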
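Review bot: `IDENTIFIER_FORMAT = /#{Noosfero.identifier_format}/` no longer constrains the whole identifier: any string containing one valid identifier substring now matches, so the comment `Valid identifiers must match this format` is no longer true. Assuming `Noosfero.identifier_format` is itself unanchored (its definition is not in this diff), the Rails 4-safe form is `IDENTIFIER_FORMAT = /\A#{Noosfero.identifier_format}\z/`. Since this is a public constant, check its other users before changing it: anything that composes it into a larger pattern (route constraints, for example) would want the unanchored inner pattern rather than this constant.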
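--- a/app/models/rss_feed.rb
+++ b/app/models/rss_feed.rb
@@ -14,7 +14,7 @@ class RssFeed < Article
 
 # store setting in body
 serialize :body, Hash
-
+
 def body
 self[:body] ||= {}
 end
@@ -40,7 +40,7 @@ class RssFeed < Article
 
 # FIXME this should be validates_numericality_of, but Rails 2.0.2 does not
 # support validates_numericality_of with virtual attributes
-validates_format_of :limit, :with => /^\d+$/, :if => :limit
+validates_format_of :limit, :with => /\d+/, :if => :limit
 
 # determinates what to include in the feed. Possible values are +:all+
 # (include everything from the profile) and :parent_and_children (include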
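Review bot: `validates_format_of :limit, :with => /\d+/` accepts any value that merely contains a digit (`"10abc"`, `"1e9"`, `"5 OR 1"`), whereas the original `/^\d+$/` at least required one line to be all digits; the fix for the Rails 4 multiline-anchor error is `:with => /\A\d+\z/`, not removing the anchors. The FIXME directly above says `validates_numericality_of` was avoided only because of a Rails 2.0.2 limitation; since this commit targets Rails 4, `validates_numericality_of :limit, :only_integer => true, :allow_nil => true` is presumably usable now and would be the cleaner replacement, though the hunk does not show how `limit` is stored, so confirm that before switching. The first hunk in this file is whitespace only.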