Mercurial > zeropaste
view app/models/paste.rb @ 240:16251b94eb6c
Whoops, forgot to secure the "new paste based on ##"
author | edogawaconan <me@myconan.net> |
---|---|
date | Mon, 07 Oct 2013 13:14:37 +0900 |
parents | 1c750d3cde1b |
children | 9aa67da381b0 |
line wrap: on
line source
class Paste < ActiveRecord::Base attr_accessor :is_private before_validation :paste_limit before_validation :convert_newlines before_validation :set_paste_hash before_validation :set_paste_key before_validation :set_paste_secret validates :paste, :paste_hash, :key, :ip, :presence => true validates :paste, :length => { :maximum => 1_000_000 } def to_param path end def self.safe_find(raw_id) id, secret = raw_id.split("-") return unless id.to_i.to_s == id begin self.where(secret: secret).find(id) rescue ActiveRecord::RecordNotFound nil end end def path [id, secret.presence].compact.join("-") end def set_paste_hash self.paste_hash = Digest::SHA512.hexdigest("#{paste}\n") end def set_paste_key self.key ||= SecureRandom.hex(4) end def set_paste_secret self.secret = SecureRandom.hex(4) if self.is_private? end def is_private? self.is_private == "1" end def convert_newlines self.paste = self.paste.to_s.gsub("\r\n", "\n").gsub("\r", "\n") end def paste_limit ip_post_recent_count = self.class.where(:ip => self.ip).where('created_at > ?', Time.now - 1.hour).count errors.add :base, :limit if ip_post_recent_count > 100 end def self.fix_all self.all.each do |p| p.save end end end