about summary refs log tree commit diff
path: root/app
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2016-03-21 09:24:29 +0100
committerEugen Rochko <eugen@zeonfederated.com>2016-03-21 09:24:29 +0100
commit2ba6537f524dfcdd761edbe72f925c26588b4f0e (patch)
tree0d7067dee23fc969c4996260a33908f60597a815 /app
parent68931c1ee813de5acedf0abb5e9277a12fcdb448 (diff)
Escape PuSH challenge and change subscriptions and salmon APIs to text/plain
Diffstat (limited to 'app')
-rw-r--r--app/controllers/api/salmon_controller.rb1
-rw-r--r--app/controllers/api/subscriptions_controller.rb3
2 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/api/salmon_controller.rb b/app/controllers/api/salmon_controller.rb
index 1df989700..b15aefee9 100644
--- a/app/controllers/api/salmon_controller.rb
+++ b/app/controllers/api/salmon_controller.rb
@@ -1,5 +1,6 @@
 class Api::SalmonController < ApiController
   before_action :set_account
+  respond_to :txt
 
   def update
     ProcessInteractionService.new.(request.body.read, @account)
diff --git a/app/controllers/api/subscriptions_controller.rb b/app/controllers/api/subscriptions_controller.rb
index 6ae038a36..91b987ce4 100644
--- a/app/controllers/api/subscriptions_controller.rb
+++ b/app/controllers/api/subscriptions_controller.rb
@@ -1,9 +1,10 @@
 class Api::SubscriptionsController < ApiController
   before_action :set_account
+  respond_to :txt
 
   def show
     if @account.subscription(api_subscription_url(@account.id)).valid?(params['hub.topic'], params['hub.verify_token'])
-      render text: params['hub.challenge'], status: 200
+      render text: HTMLEntities.new.encode(params['hub.challenge']), status: 200
     else
       render nothing: true, status: 404
     end