allow skipping the validations on creation if its an api call AND skip_validations is specified

this allows wordpress plugin to post very very short titles or titles that would otherwise be disallowed

app/controllers/posts_controller.rb

@@ -189,18 +189,27 @@ class PostsController < ApplicationController
   private
 
     def create_params
-      params.require(:raw)
-      params.permit(
-          :raw, 
-          :topic_id, 
-          :title, 
-          :archetype, 
-          :category, 
-          :target_usernames, 
-          :reply_to_post_number, 
-          :image_sizes, 
+      permitted = [
+          :raw,
+          :topic_id,
+          :title,
+          :archetype,
+          :category,
+          :target_usernames,
+          :reply_to_post_number,
+          :image_sizes,
           :auto_close_days
-        ).tap do |whitelisted|
+      ]
+
+      if api_key_valid?
+        # php seems to be sending this incorrectly, don't fight with it
+        params[:skip_validations] = params[:skip_validations].to_s == "true"
+        permitted << :skip_validations
+      end
+
+      params.require(:raw)
+      params.permit(*permitted).tap do |whitelisted|
+          # TODO this does not feel right, we should name what meta_data is allowed
           whitelisted[:meta_data] = params[:meta_data]
       end
     end