about summary refs log tree commit diff
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/brakeman.ignore68
-rw-r--r--config/locales/en.yml34
-rw-r--r--config/navigation.rb1
-rw-r--r--config/routes.rb9
4 files changed, 58 insertions, 54 deletions
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
index 6ffe12ae0..c24146da4 100644
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@@ -7,7 +7,7 @@
       "check_name": "SQL",
       "message": "Possible SQL injection",
       "file": "app/models/status.rb",
-      "line": 104,
+      "line": 105,
       "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
       "code": "result.joins(\"INNER JOIN statuses_tags t#{id} ON t#{id}.status_id = statuses.id AND t#{id}.tag_id = #{id}\")",
       "render_path": null,
@@ -21,6 +21,26 @@
       "note": ""
     },
     {
+      "warning_type": "SQL Injection",
+      "warning_code": 0,
+      "fingerprint": "30dfe36e87fe1b8f239df9a33d576e44a9863f73b680198d4713be6540ae61d3",
+      "check_name": "SQL",
+      "message": "Possible SQL injection",
+      "file": "app/models/trends/query.rb",
+      "line": 60,
+      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
+      "code": "klass.joins(\"join unnest(array[#{ids.join(\",\")}]) with ordinality as x (id, ordering) on #{klass.table_name}.id = x.id\")",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Trends::Query",
+        "method": "to_arel"
+      },
+      "user_input": "ids.join(\",\")",
+      "confidence": "Weak",
+      "note": ""
+    },
+    {
       "warning_type": "Redirect",
       "warning_code": 18,
       "fingerprint": "5fad11cd67f905fab9b1d5739d01384a1748ebe78c5af5ac31518201925265a7",
@@ -101,26 +121,6 @@
       "note": ""
     },
     {
-      "warning_type": "SQL Injection",
-      "warning_code": 0,
-      "fingerprint": "8c1d8c4b76c1cd3960e90dff999f854a6ff742fcfd8de6c7184ac5a1b1a4d7dd",
-      "check_name": "SQL",
-      "message": "Possible SQL injection",
-      "file": "app/models/preview_card_filter.rb",
-      "line": 50,
-      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
-      "code": "PreviewCard.joins(\"join unnest(array[#{(Trends.links.currently_trending_ids(true, -1) or Trends.links.currently_trending_ids(false, -1)).map(&:to_i).join(\",\")}]::integer[]) with ordinality as x (id, ordering) on preview_cards.id = x.id\")",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "PreviewCardFilter",
-        "method": "trending_scope"
-      },
-      "user_input": "(Trends.links.currently_trending_ids(true, -1) or Trends.links.currently_trending_ids(false, -1)).map(&:to_i).join(\",\")",
-      "confidence": "Medium",
-      "note": ""
-    },
-    {
       "warning_type": "Cross-Site Scripting",
       "warning_code": 2,
       "fingerprint": "afad51718ae373b2f19d2513029fd2afccf58b9148e475934bc6a162ee33c352",
@@ -134,7 +134,7 @@
         {
           "type": "template",
           "name": "admin/disputes/appeals/index",
-          "line": 16,
+          "line": 20,
           "file": "app/views/admin/disputes/appeals/index.html.haml",
           "rendered": {
             "name": "admin/disputes/appeals/_appeal",
@@ -171,26 +171,6 @@
       "note": ""
     },
     {
-      "warning_type": "SQL Injection",
-      "warning_code": 0,
-      "fingerprint": "c32a484ccd9da46abd3bc93d08b72029d7dbc0576ccf4e878a9627e9a83cad2e",
-      "check_name": "SQL",
-      "message": "Possible SQL injection",
-      "file": "app/models/tag_filter.rb",
-      "line": 50,
-      "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/",
-      "code": "Tag.joins(\"join unnest(array[#{Trends.tags.currently_trending_ids(false, -1).map(&:to_i).join(\",\")}]::integer[]) with ordinality as x (id, ordering) on tags.id = x.id\")",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "TagFilter",
-        "method": "trending_scope"
-      },
-      "user_input": "Trends.tags.currently_trending_ids(false, -1).map(&:to_i).join(\",\")",
-      "confidence": "Medium",
-      "note": ""
-    },
-    {
       "warning_type": "Cross-Site Scripting",
       "warning_code": 4,
       "fingerprint": "cd5cfd7f40037fbfa753e494d7129df16e358bfc43ef0da3febafbf4ee1ed3ac",
@@ -204,7 +184,7 @@
         {
           "type": "template",
           "name": "admin/trends/links/index",
-          "line": 39,
+          "line": 45,
           "file": "app/views/admin/trends/links/index.html.haml",
           "rendered": {
             "name": "admin/trends/links/_preview_card",
@@ -241,6 +221,6 @@
       "note": ""
     }
   ],
-  "updated": "2022-02-13 02:24:12 +0100",
+  "updated": "2022-02-15 03:48:53 +0100",
   "brakeman_version": "5.2.1"
 }
diff --git a/config/locales/en.yml b/config/locales/en.yml
index f045174a9..60c291540 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -787,6 +787,15 @@ en:
         rejected: Links from this publisher won't trend
         title: Publishers
       rejected: Rejected
+      statuses:
+        allow: Allow post
+        allow_account: Allow author
+        disallow: Disallow post
+        disallow_account: Disallow author
+        shared_by:
+          one: Shared or favourited one time
+          other: Shared and favourited %{friendly_count} times
+        title: Trending posts
       tags:
         current_score: Current score %{score}
         dashboard:
@@ -835,16 +844,21 @@ en:
       body: "%{reporter} has reported %{target}"
       body_remote: Someone from %{domain} has reported %{target}
       subject: New report for %{instance} (#%{id})
-    new_trending_links:
-      body: The following links are trending today, but their publishers have not been previously reviewed. They will not be displayed publicly unless you approve them. Further notifications from the same publishers will not be generated.
-      no_approved_links: There are currently no approved trending links.
-      requirements: The lowest approved trending link is currently "%{lowest_link_title}" with a score of %{lowest_link_score}.
-      subject: New trending links up for review on %{instance}
-    new_trending_tags:
-      body: 'The following hashtags are trending today, but they have not been previously reviewed. They will not be displayed publicly unless you approve them:'
-      no_approved_tags: There are currently no approved trending hashtags.
-      requirements: 'The lowest approved trending hashtag is currently #%{lowest_tag_name} with a score of %{lowest_tag_score}.'
-      subject: New trending hashtags up for review on %{instance}
+    new_trends:
+      body: 'The following items need a review before they can be displayed publicly:'
+      new_trending_links:
+        no_approved_links: There are currently no approved trending links.
+        requirements: 'Any of these candidates could surpass the #%{rank} approved trending link, which is currently "%{lowest_link_title}" with a score of %{lowest_link_score}.'
+        title: Trending links
+      new_trending_statuses:
+        no_approved_statuses: There are currently no approved trending posts.
+        requirements: 'Any of these candidates could surpass the #%{rank} approved trending post, which is currently %{lowest_status_url} with a score of %{lowest_status_score}.'
+        title: Trending posts
+      new_trending_tags:
+        no_approved_tags: There are currently no approved trending hashtags.
+        requirements: 'Any of these candidates could surpass the #%{rank} approved trending hashtag, which is currently #%{lowest_tag_name} with a score of %{lowest_tag_score}.'
+        title: Trending hashtags
+      subject: New trends up for review on %{instance}
   aliases:
     add_new: Create alias
     created_msg: Successfully created a new alias. You can now initiate the move from the old account.
diff --git a/config/navigation.rb b/config/navigation.rb
index 3fc3747d5..620f78c57 100644
--- a/config/navigation.rb
+++ b/config/navigation.rb
@@ -34,6 +34,7 @@ SimpleNavigation::Configuration.run do |navigation|
     n.item :development, safe_join([fa_icon('code fw'), t('settings.development')]), settings_applications_url, if: -> { current_user.functional? }
 
     n.item :trends, safe_join([fa_icon('fire fw'), t('admin.trends.title')]), admin_trends_tags_path, if: proc { current_user.staff? } do |s|
+      s.item :statuses, safe_join([fa_icon('comments-o fw'), t('admin.trends.statuses.title')]), admin_trends_statuses_path, highlights_on: %r{/admin/trends/statuses}
       s.item :tags, safe_join([fa_icon('hashtag fw'), t('admin.trends.tags.title')]), admin_trends_tags_path, highlights_on: %r{/admin/tags|/admin/trends/tags}
       s.item :links, safe_join([fa_icon('newspaper-o fw'), t('admin.trends.links.title')]), admin_trends_links_path, highlights_on: %r{/admin/trends/links}
     end
diff --git a/config/routes.rb b/config/routes.rb
index 176438e45..a820f32ad 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -327,6 +327,12 @@ Rails.application.routes.draw do
         end
       end
 
+      resources :statuses, only: [:index] do
+        collection do
+          post :batch
+        end
+      end
+
       namespace :links do
         resources :preview_card_providers, only: [:index], path: :publishers do
           collection do
@@ -448,6 +454,7 @@ Rails.application.routes.draw do
       namespace :trends do
         resources :links, only: [:index]
         resources :tags, only: [:index]
+        resources :statuses, only: [:index]
       end
 
       namespace :emails do
@@ -554,6 +561,8 @@ Rails.application.routes.draw do
 
         namespace :trends do
           resources :tags, only: [:index]
+          resources :links, only: [:index]
+          resources :statuses, only: [:index]
         end
 
         post :measures, to: 'measures#create'