github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-04 11:11:13 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: deprecate whitelist constants (#10716)

Browse Source 
Deprecation of:
WHITELISTED_REDIRECT_HOSTNAMES
CUSTOM_INTERPOLATION_KEYS_WHITELIST
WHITELISTED_SVG_ELEMENTS
This commit is contained in:
Krzysztof Kotlarek
2020-09-28 13:52:05 +10:00
committed by GitHub
parent bab56fdb9d
commit e7c72cd1e4
5 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/models/topic_link_click.rb
View File

@ -9,7 +9,9 @@ class TopicLinkClick < ActiveRecord::Base
validates_presence_of :topic_link_id
WHITELISTED_REDIRECT_HOSTNAMES = Set.new(%W{www.youtube.com youtu.be})
ALLOWED_REDIRECT_HOSTNAMES = Set.new(%W{www.youtube.com youtu.be})
include ActiveSupport::Deprecation::DeprecatedConstantAccessor
deprecate_constant 'WHITELISTED_REDIRECT_HOSTNAMES', 'TopicLinkClick::ALLOWED_REDIRECT_HOSTNAMES'
# Create a click from a URL and post_id
def self.create_from(args = {})
@ -93,7 +95,7 @@ class TopicLinkClick < ActiveRecord::Base
return nil unless uri
# Only redirect to allowlisted hostnames
return url if WHITELISTED_REDIRECT_HOSTNAMES.include?(uri.hostname) || is_cdn_link
return url if ALLOWED_REDIRECT_HOSTNAMES.include?(uri.hostname) || is_cdn_link
return nil
end

6
app/models/translation_override.rb
View File

@ -4,13 +4,15 @@ require "i18n/i18n_interpolation_keys_finder"
class TranslationOverride < ActiveRecord::Base
# Allowlist i18n interpolation keys that can be included when customizing translations
CUSTOM_INTERPOLATION_KEYS_WHITELIST = {
ALLOWED_CUSTOM_INTERPOLATION_KEYS = {
"user_notifications.user_" => %w{
topic_title_url_encoded
site_title_url_encoded
context
}
}
include ActiveSupport::Deprecation::DeprecatedConstantAccessor
deprecate_constant 'CUSTOM_INTERPOLATION_KEYS_WHITELIST', 'TranslationOverride::ALLOWED_CUSTOM_INTERPOLATION_KEYS'
validates_uniqueness_of :translation_key, scope: :locale
validates_presence_of :locale, :translation_key, :value
@ -98,7 +100,7 @@ class TranslationOverride < ActiveRecord::Base
custom_interpolation_keys = []
CUSTOM_INTERPOLATION_KEYS_WHITELIST.select do |key, value|
ALLOWED_CUSTOM_INTERPOLATION_KEYS.select do |key, value|
if transformed_key.start_with?(key)
custom_interpolation_keys = value
end