diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb index c98501a2..3d45edfa 100644 --- a/app/controllers/static_controller.rb +++ b/app/controllers/static_controller.rb @@ -31,6 +31,12 @@ class StaticController < ApplicationController @smiles = Smile.count + CommentSmile.count end + def linkfilter + redirect_to root_path unless params[:url] + + @link = params[:url] + end + def faq end diff --git a/app/validators/screen_name_validator.rb b/app/validators/screen_name_validator.rb index ad157d48..64836e8d 100644 --- a/app/validators/screen_name_validator.rb +++ b/app/validators/screen_name_validator.rb @@ -2,7 +2,7 @@ class ScreenNameValidator < ActiveModel::EachValidator FORBIDDEN_SCREEN_NAMES = %w(justask_admin retrospring_admin admin justask retrospring about public notifications inbox sign_in sign_up sidekiq moderation moderator mod administrator siteadmin site_admin help retro_spring retroospring retrosprlng niisding nllsding - pixeidesu plxeldesu plxeidesu terms privacy) + pixeidesu plxeldesu plxeidesu terms privacy linkfilter) FORBIDDEN_SCREEN_NAME_REGEXPS = [/wreciap\z/i] def validate_each(record, attribute, value) diff --git a/app/views/static/linkfilter.haml b/app/views/static/linkfilter.haml new file mode 100644 index 00000000..46317210 --- /dev/null +++ b/app/views/static/linkfilter.haml @@ -0,0 +1,19 @@ +.container.pt-3 + .card + .card-body + %h1 + You're leaving + = APP_CONFIG['site_name'] + %p.lead + The link you are visiting is not trusted by + = APP_CONFIG['site_name'] + %p + Never enter your passwords or other private information on an untrusted website. + = APP_CONFIG['site_name'] + will only ever ask for your password on a site that is on the domain + = APP_CONFIG['hostname'] + + %p.font-weight-bold.mb-0 URL: + %pre.bg-light.text-dark.p-3.rounded= @link + + %a.btn.btn-primary{ href: @link } I understand the risk, proceed! diff --git a/config/routes.rb b/config/routes.rb index 35d23bee..064e6ab0 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -42,6 +42,7 @@ Rails.application.routes.draw do match '/help/faq', to: 'static#faq', via: 'get', as: :help_faq match '/privacy', to: 'static#privacy_policy', via: 'get', as: :privacy_policy match '/terms', to: 'static#terms', via: 'get', as: :terms + match '/linkfilter', to: 'static#linkfilter', via: 'get', as: :linkfilter # Devise routes devise_for :users, path: 'user', skip: [:sessions, :registrations]