view app/controllers/pastes_controller.rb @ 418:a69dd2d37950
Prevent adding unrelated classes and funny characters
author | nanaya <me@myconan.net> |
---|---|
date | Thu, 17 Sep 2015 01:13:14 +0900 |
parents | 080dd141898c |
children | f11862e58af4 |
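# Controller for viewing, creating and deleting pastes.
#
# All lookups go through Paste.safe_find, which (as #show demonstrates) may
# return nil for an unknown id, so every action that uses it must handle nil.
class PastesController < ApplicationController
  before_action :lowercase_path, :only => :show

  # GET /1
  # GET /1.txt
  #
  # Renders one paste as HTML or plain text. Responds 404 with an empty body
  # when no paste is found for params[:id].
  def show
    @paste = Paste.safe_find(params[:id])
    return head :not_found unless @paste

    respond_to do |format|
      format.html
      format.txt
    end
  end

  # GET /
  #
  # Renders the new-paste form. When params[:base] resolves to an existing
  # paste, its content is copied into the form as the starting text.
  def new
    @paste = Paste.new
    # set_paste_key is defined on Paste and not visible here; presumably it
    # assigns the key later required by #destroy -- confirm in the model.
    @paste.set_paste_key
    # try tolerates a nil result from safe_find (missing or unknown :base).
    @paste.paste = Paste.safe_find(params[:base]).try(:paste)

    respond_to do |format|
      format.html # new.html.erb
    end
  end

  # POST /
  # POST /pastes.json
  # POST /pastes.txt
  #
  # Creates a paste from the permitted parameters. Paste.graceful_create
  # returns three values: whether creation succeeded, the paste, and whether
  # the paste is fresh (newly stored) as opposed to one that was returned
  # without being newly created.
  def create
    # The stored IP always comes from the request itself: paste_params does
    # not permit :ip, and merge would override a submitted value anyway.
    created, @paste, @fresh = Paste.graceful_create paste_params.merge(:ip => request.remote_ip)

    respond_to do |format|
      if created
        if @fresh
          format.html { redirect_to @paste, :notice => "Paste was successfully created." }
          format.json { render :json => @paste, :status => :created, :location => @paste }
        else
          # NOTE(review): this branch returns a paste that was not freshly
          # created. Confirm that Paste's JSON serialization does not expose
          # that paste's deletion key or stored IP to the submitter.
          format.html { redirect_to paste_path(@paste) }
          format.json { render :json => @paste }
        end
      else
        flash.now[:alert] = @paste.errors.full_messages.to_sentence
        format.html { render :action => "new" }
        format.json { render :json => @paste.errors, :status => :unprocessable_entity }
      end
      format.txt
    end
  end

  # Deletes a paste when the submitted paste[key] is accepted by
  # Paste#safe_destroy; otherwise re-renders the paste with the model errors.
  #
  # Responds 404 when the paste does not exist and 400 when no key was
  # submitted, instead of failing with an unhandled NoMethodError or TypeError.
  def destroy
    @paste = Paste.safe_find(params[:id])
    return head :not_found unless @paste

    # params[:paste] is client-controlled: it can be absent, or a plain string
    # or array rather than nested fields. Only read :key from a hash-like
    # value, and never call safe_destroy without a submitted key.
    paste_fields = params[:paste]
    submitted_key = paste_fields[:key] if paste_fields.respond_to?(:key?)
    return head :bad_request if submitted_key.nil?

    if @paste.safe_destroy(submitted_key)
      redirect_to root_path, :notice => "Paste ##{params[:id]} deleted"
    else
      flash.now[:alert] = @paste.errors.full_messages.to_sentence
      render :show
    end
  end

  private

  # before_action for #show: permanently redirects to the lowercase form of
  # the requested path (query string included) when the two differ.
  def lowercase_path
    # Collapse a run of leading slashes to one. redirect_to treats a string
    # beginning with "//" as a protocol-relative URL, so echoing such a path
    # back would redirect the client to another host (open redirect).
    correct_path = request.fullpath.downcase.sub(%r{\A/+}, "/")
    return if correct_path == request.fullpath

    redirect_to correct_path, :status => :moved_permanently
  end

  # Strong-parameters allowlist for paste submission. Attributes not listed
  # here (such as :ip) cannot be set through the request body.
  def paste_params
    params.require(:paste).permit(:paste, :paste_gzip, :paste_gzip_base64, :is_private, :key, :language)
  end
end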