did 2011-09-14 11:32:14 +02:00
parent efc843c2d9
commit 8dfefe5094
4 changed files with 14 additions and 1 deletions


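--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -50,6 +50,7 @@ module Admin
 def sanitize_content_params
 (params[:content] || {}).each do |key, value|
+next unless value.is_a?(String)
 params[:content][key] = Sanitize.clean(value, Sanitize::Config::BASIC)
 end
 end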
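Review bot: The added `next unless value.is_a?(String)` exempts every non-String value, so a String nested inside an Array or Hash (a multi-value field or a nested-attributes hash, if any custom-field kind produces one — not visible on this page) now reaches the model uncleaned, which is broader than the apparent intent of skipping uploads and booleans. Sanitizing recursively keeps that intent while still leaving UploadedFile and boolean values untouched, and avoids the guard becoming a bypass for whichever field kind is added next. The method is fully inside the hunk; the helper below would sit beside it in the same module.
```ruby
def sanitize_content_params
  (params[:content] || {}).each do |key, value|
    params[:content][key] = sanitize_content_value(value)
  end
end

# Cleans Strings and recurses into Arrays/Hashes so nested text is still sanitized;
# any other value (uploads, booleans, numbers) is returned unchanged.
def sanitize_content_value(value)
  case value
  when String then Sanitize.clean(value, Sanitize::Config::BASIC)
  when Array  then value.map { |v| sanitize_content_value(v) }
  when Hash   then value.each { |k, v| value[k] = sanitize_content_value(v) }
  else value
  end
end
```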


@ -33,7 +33,6 @@ BUGS:
NICE TO HAVE: NICE TO HAVE:
- export site - export site
- super_finder - super_finder
- traffic statistics - traffic statistics
- asset picker (content instance) - asset picker (content instance)


@ -64,6 +64,7 @@ module Locomotive
# example: 'about/myphoto.jpg' | theme_image # <img src="images/about/myphoto.jpg" /> # example: 'about/myphoto.jpg' | theme_image # <img src="images/about/myphoto.jpg" />
def theme_image_tag(input, *args) def theme_image_tag(input, *args)
image_options = inline_options(args_to_options(args)) image_options = inline_options(args_to_options(args))
"<img src=\"#{theme_image_url(input)}\" #{image_options}/>" "<img src=\"#{theme_image_url(input)}\" #{image_options}/>"
end end
@ -71,6 +72,7 @@ module Locomotive
# input: url of the image OR asset drop # input: url of the image OR asset drop
def image_tag(input, *args) def image_tag(input, *args)
image_options = inline_options(args_to_options(args)) image_options = inline_options(args_to_options(args))
"<img src=\"#{get_url_from_asset(input)}\" #{image_options}/>" "<img src=\"#{get_url_from_asset(input)}\" #{image_options}/>"
end end


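--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -7,6 +7,8 @@ describe Admin::ApiContentsController do
 @site.content_types.first.tap do |content_type|
 content_type.content_custom_fields.build :label => 'Name', :kind => 'string', :required => true
 content_type.content_custom_fields.build :label => 'Description', :kind => 'text'
+content_type.content_custom_fields.build :label => 'File', :kind => 'file'
+content_type.content_custom_fields.build :label => 'Active', :kind => 'boolean'
 end.save
 controller.stubs(:require_site).returns(true)
@@ -64,6 +66,15 @@ describe Admin::ApiContentsController do
 content.name.should == "Hacked"
 end
+it 'does not sanitize non string params' do
+lambda {
+post 'create', default_post_params(:content => {
+:active => true,
+:file => ActionDispatch::Http::UploadedFile.new(:tempfile => FixturedAsset.open('5k.png'), :filename => '5k.png', :content_type => 'image/png')
+})
+}.should_not raise_exception
+end
 end
 end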
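Review bot: The new example 'does not sanitize non string params' only asserts that the request does not raise; it never checks that the boolean and the upload actually survive sanitization, nor that a string field sent in the same request is still cleaned, so a regression that silently dropped or skipped those values would still pass. Reading the created record back, the way the preceding example does with `content.name.should == "Hacked"` (its lookup is defined outside the hunk), and adding `content.active.should == true` plus a `:name => '<script>x</script>'` field asserted as cleaned would turn it into a real guard. The surrounding describe block starts outside the hunk.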