Merge pull request #48 from Retrospring/CVE-BREAKMAN1

CVE-BREAKMAN1
Yuki 2015-09-01 18:54:39 +05:30
commit 85b099d712
4 changed files with 72 additions and 50 deletions


@ -1,7 +1,7 @@
source 'https://rubygems.org'
source 'https://rails-assets.org'
gem 'rails', '4.2.1'
gem 'rails', '4.2.2'
gem 'rails-i18n'
gem 'i18n-js'


@ -9,43 +9,43 @@ GEM
remote: https://rails-assets.org/
specs:
CFPropertyList (2.3.1)
actionmailer (4.2.1)
actionpack (= 4.2.1)
actionview (= 4.2.1)
activejob (= 4.2.1)
actionmailer (4.2.2)
actionpack (= 4.2.2)
actionview (= 4.2.2)
activejob (= 4.2.2)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.1)
actionview (= 4.2.1)
activesupport (= 4.2.1)
actionpack (4.2.2)
actionview (= 4.2.2)
activesupport (= 4.2.2)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.1)
actionview (4.2.1)
activesupport (= 4.2.1)
actionview (4.2.2)
activesupport (= 4.2.2)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.1)
activejob (4.2.1)
activesupport (= 4.2.1)
activejob (4.2.2)
activesupport (= 4.2.2)
globalid (>= 0.3.0)
activemodel (4.2.1)
activesupport (= 4.2.1)
activemodel (4.2.2)
activesupport (= 4.2.2)
builder (~> 3.1)
activerecord (4.2.1)
activemodel (= 4.2.1)
activesupport (= 4.2.1)
activerecord (4.2.2)
activemodel (= 4.2.2)
activesupport (= 4.2.2)
arel (~> 6.0)
activesupport (4.2.1)
activesupport (4.2.2)
i18n (~> 0.7)
json (~> 1.7, >= 1.7.7)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
addressable (2.3.8)
arel (6.0.0)
arel (6.0.3)
bcrypt (3.1.10)
better_errors (2.1.1)
coderay (>= 1.0.0)
@ -213,7 +213,7 @@ GEM
foreman (0.78.0)
thor (~> 0.19.1)
formatador (0.2.5)
globalid (0.3.5)
globalid (0.3.6)
activesupport (>= 4.1.0)
haml (4.0.6)
tilt
@ -243,7 +243,7 @@ GEM
turbolinks
jquery-ui-rails (5.0.3)
railties (>= 3.2.16)
json (1.8.2)
json (1.8.3)
kaminari (0.16.3)
actionpack (>= 3.0.0)
activesupport (>= 3.0.0)
@ -252,18 +252,18 @@ GEM
addressable (~> 2.3)
letter_opener (1.4.1)
launchy (~> 2.2)
loofah (2.0.1)
loofah (2.0.3)
nokogiri (>= 1.5.9)
mail (2.6.3)
mime-types (>= 1.16, < 3)
memoizable (0.4.2)
thread_safe (~> 0.3, >= 0.3.1)
mime-types (2.4.3)
mime-types (2.6.1)
mini_portile (0.6.2)
minitest (5.6.0)
minitest (5.8.0)
momentjs-rails (2.9.0)
railties (>= 3.1)
multi_json (1.11.0)
multi_json (1.11.2)
multipart-post (2.0.0)
mysql2 (0.3.18)
naught (1.0.0)
@ -302,7 +302,7 @@ GEM
cliver (~> 0.3.1)
multi_json (~> 1.0)
websocket-driver (>= 0.2.0)
rack (1.6.0)
rack (1.6.4)
rack-pjax (0.8.0)
nokogiri (~> 1.5)
rack (~> 1.1)
@ -310,23 +310,23 @@ GEM
rack
rack-test (0.6.3)
rack (>= 1.0)
rails (4.2.1)
actionmailer (= 4.2.1)
actionpack (= 4.2.1)
actionview (= 4.2.1)
activejob (= 4.2.1)
activemodel (= 4.2.1)
activerecord (= 4.2.1)
activesupport (= 4.2.1)
rails (4.2.2)
actionmailer (= 4.2.2)
actionpack (= 4.2.2)
actionview (= 4.2.2)
activejob (= 4.2.2)
activemodel (= 4.2.2)
activerecord (= 4.2.2)
activesupport (= 4.2.2)
bundler (>= 1.3.0, < 2.0)
railties (= 4.2.1)
railties (= 4.2.2)
sprockets-rails
rails-assets-growl (1.2.5)
rails-assets-jquery
rails-assets-jquery (2.1.3)
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
rails-dom-testing (1.0.6)
rails-dom-testing (1.0.7)
activesupport (>= 4.2.0.beta, < 5.0)
nokogiri (~> 1.6.0)
rails-deprecated_sanitizer (>= 1.0.1)
@ -349,9 +349,9 @@ GEM
remotipart (~> 1.0)
safe_yaml (~> 1.0)
sass-rails (>= 4.0, < 6)
railties (4.2.1)
actionpack (= 4.2.1)
activesupport (= 4.2.1)
railties (4.2.2)
actionpack (= 4.2.2)
activesupport (= 4.2.2)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
raindrops (0.13.0)
@ -420,12 +420,12 @@ GEM
rack-protection (~> 1.4)
tilt (>= 1.3, < 3)
spring (1.3.5)
sprockets (2.12.3)
sprockets (2.12.4)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.2.4)
sprockets-rails (2.3.2)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
@ -533,7 +533,7 @@ DEPENDENCIES
pghero
poltergeist
questiongenerator!
rails (= 4.2.1)
rails (= 4.2.2)
rails-assets-growl
rails-i18n
rails_admin


@ -5,7 +5,7 @@ class Ajax::ModerationController < ApplicationController
@success = false
render partial: "ajax/shared/status"
end
def vote
params.require :id
params.require :upvote
@ -174,7 +174,20 @@ class Ajax::ModerationController < ApplicationController
end
@checked = status
target_user.send("#{params[:type]}=", status)
case params[:type].downcase
when 'blogger'
target_user.blogger = status
when 'contributor'
target_user.contributor = status
when 'translator'
target_user.translator = status
when 'supporter'
target_user.supporter = status
when 'moderator'
target_user.moderator = status
when 'admin'
target_user.admin = status
end
target_user.save!
@message = I18n.t('messages.moderation.privilege.checked', privilege: params[:type])
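Review bot: The new `case params[:type].downcase` has no `else` branch, so a value outside the six listed privileges falls straight through to `target_user.save!` and the `checked` message, and the caller receives a success response naming a privilege that was never changed. Closing the allowlist should also reject the unknown value, e.g. `else` / `raise ArgumentError, "unknown privilege type: #{params[:type]}"` before the `end`; the `@success = false` / `render partial: "ajax/shared/status"` block visible in the first hunk looks like this controller's rescue handler, so raising would presumably surface as the usual error status, but that needs confirming against the rescue_from declaration outside the hunk. The `privilege:` value interpolated into the message is the raw parameter rather than the downcased one the case matched on, which is harmless only as long as the view escapes it. The enclosing method starts and ends outside this hunk.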


@ -5,7 +5,7 @@ class Ajax::ReportController < ApplicationController
@success = false
render partial: "ajax/shared/status"
end
def create
params.require :id
params.require :type
@ -23,11 +23,20 @@ class Ajax::ReportController < ApplicationController
return
end
object = if params[:type] == 'user'
User.find_by_screen_name params[:id]
else
params[:type].strip.capitalize.constantize.find params[:id]
end
obj = params[:type].strip.capitalize
object = case params[:type].strip.capitalize
when 'User'
User.find_by_screen_name params[:id]
when 'Question'
Question
when 'Answer'
Answer
when 'Comment'
Comment
else
Answer
end
if object.nil?
@message = I18n.t('messages.report.create.not_found', parameter: params[:type])