annotate app/controllers/pastes_controller.rb @ 240:16251b94eb6c

Whoops, forgot to secure the "new paste based on ##"
author edogawaconan <me@myconan.net>
date Mon, 07 Oct 2013 13:14:37 +0900
parents 388504e43bcf
children 6cca1ab53337
rev  line  source
  2     1  class PastesController < ApplicationController
 48     2    caches_page :show
 73     3
 74     4    # GET /1
 74     5    # GET /1.txt
  2     6    def show
212     7      @paste = Paste.safe_find(params[:id])
229     8      head :not_found and return unless @paste
  2     9
 77    10      expires_in 1.year, :public => true
  2    11      respond_to do |format|
  2    12        format.html # show.html.erb
 74    13        format.txt # show.txt.erb
  2    14      end
  2    15    end
  2    16
 74    17    # GET /
  2    18    def new
  2    19      @paste = Paste.new
189    20      @paste.set_paste_key
240    21      @paste.paste = Paste.safe_find(params[:base]).try(:paste)
  2    22
  2    23      respond_to do |format|
  2    24        format.html # new.html.erb
  2    25      end
  2    26    end
  2    27
 74    28    # POST /
  2    29    # POST /pastes.json
 74    30    # POST /pastes.txt
  2    31    def create
226    32      if params[:paste].is_a? Hash
226    33        if params[:paste][:paste_gzip_base64]
226    34          # 1. decode from base64
226    35          # 2. create StringIO from decoded string
226    36          # 3. unzip and read the stream
226    37          params[:paste][:paste] = Zlib::GzipReader.new(StringIO.new(Base64.decode64(params[:paste].delete(:paste_gzip_base64)))).read
226    38        elsif params[:paste][:paste_gzip]
226    39          params[:paste][:paste] = Zlib::GzipReader.new(StringIO.new(params[:paste].delete(:paste_gzip))).read
226    40        end
 69    41      end
211    42      @paste = Paste.new(paste_params.merge(ip: request.remote_ip))
  2    43
 32    44      begin
 32    45        respond_to do |format|
 32    46          if @paste.save
181    47            @fresh = true
 32    48            format.html { redirect_to @paste, :notice => 'Paste was successfully created.' }
 32    49            format.json { render :json => @paste, :status => :created, :location => @paste }
 32    50          else
 32    51            format.html { render :action => "new" }
 32    52            format.json { render :json => @paste.errors, :status => :unprocessable_entity }
 32    53          end
 67    54          format.txt
  2    55        end
 32    56      rescue ActiveRecord::RecordNotUnique
183    57        @paste = Paste.where(:ip => @paste.ip, :paste_hash => @paste.paste_hash).first
183    58        respond_to do |format|
183    59          format.html { redirect_to paste_path(@paste) }
183    60          format.json { render :json => @paste }
183    61          format.txt
183    62        end
  2    63      end
  2    64    end
  2    65
189    66    def destroy
212    67      @paste = Paste.safe_find(params[:id])
189    68      if @paste.key == params[:paste][:key]
189    69        @paste.destroy
191    70        expire_page :controller => 'pastes', :action => 'show', :id => @paste.id
189    71        flash[:notice] = "Paste ##{params[:id]} deleted"
189    72        redirect_to root_path
189    73      else
190    74        flash[:error] = 'Incorrect deletion key'
189    75        render :action => :show
189    76      end
189    77    end
189    78
211    79    private
211    80    def paste_params
212    81      params.require(:paste).permit(:paste, :is_private, :key)
211    82    end
  2    83  end

rev  changeset     parents  author                          description
  2  42de15334db1           Edho Arief <edho@myconan.net>   Added the pastes.
 32  59ef6698fa0d  12       Edho Arief <edho@myconan.net>   Rescue from not unique error by redirecting to previously pasted paste.
 48  f649b46fca4f  32       Edho Arief <edho@myconan.net>   Cache all the things! Or just the show page.
 67  f7b7a39fb48c  53       Edho Arief <edho@myconan.net>   Allow post in txt format pt. 2 (view and controller).
 69  be561c3967ee  67       Edho Arief <edho@myconan.net>   Safety net to ignore invalid post requests.
 73  f480cdf5f3df  69       Edho Arief <edho@myconan.net>   Misc whitespace.
 74  48598fc65c20  73       Edho Arief <edho@myconan.net>   Fixed comments on pastes_controller.
 77  2fb80ca710e0  75       Edho Arief <edho@myconan.net>   Added cache control so it's cached by browser the first time loaded.
181  500c09718fd7  151      Edho Arief <edho@myconan.net>   Added fresh paste marker.
183  fc234f8cf3d9  181      Edho Arief <edho@myconan.net>   Return on duplicate based on post format.
189  b4b7a29b70f6  183      Edho Arief <edho@myconan.net>   Initial work for paste deletion.
190  d4682cea8e58  189      Edho Arief <edho@myconan.net>   Fun with alerts.
191  4e409ac7082d  190      Edho Arief <edho@myconan.net>   Also expires the page upon deletion.
211  5e1d728975a4  191      Edho Arief <edho@myconan.net>   Refactor
212  186b4674bcbe  211      Edho Arief <edho@myconan.net>   Add controller support for is_private flag
226  fb9909885d63  225      Edho Arief <edho@myconan.net>   Also support plain gzip
229  388504e43bcf  226      Edho Arief <edho@myconan.net>   Properly return 404 when requesting invalid paste.
240  16251b94eb6c  229      edogawaconan <me@myconan.net>   Whoops, forgot to secure the "new paste based on ##"
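
Review bot: `destroy` (lines 67-68) still uses the result of `Paste.safe_find(params[:id])` without a nil guard, although `show` guards the same call on line 8 and the changed line 21 uses `.try(:paste)`. If `safe_find` returns nil there, `@paste.key` raises instead of answering 404, and `params[:paste][:key]` raises the same way when the request carries no `paste` parameter. Suggest repeating `head :not_found and return unless @paste` after line 67 and reading the key with `params[:paste].try(:[], :key)`. Line 68 also compares the deletion key with `==`; a constant-time comparison would be the safer choice for a secret.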