From 8152584cf57c2b5a797d73f5afac0bba3c904f6d Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Sun, 13 Nov 2016 11:27:13 +0100
Subject: Fix #142 - Escape ILIKE special characters from Account.find_remote
---
 app/models/account.rb | 2 +-
 spec/models/account_spec.rb | 44 ++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/app/models/account.rb b/app/models/account.rb
index 47de161d8..81b724935 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -142,7 +142,7 @@ class Account < ApplicationRecord
 end
 def find_remote!(username, domain)
- where(arel_table[:username].matches(username)).where(domain.nil? ? { domain: nil } : arel_table[:domain].matches(domain)).take!
+ where(arel_table[:username].matches(username.gsub(/[%_]/, '\\\\\0'))).where(domain.nil? ? { domain: nil } : arel_table[:domain].matches(domain.gsub(/[%_]/, '\\\\\0'))).take!
 end
 def find_local(username)
diff --git a/spec/models/account_spec.rb b/spec/models/account_spec.rb
index 0939ecdd0..a72369b1c 100644
--- a/spec/models/account_spec.rb
+++ b/spec/models/account_spec.rb
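Review bot: The character class `/[%_]/` in `find_remote!` (app/models/account.rb) leaves the backslash unescaped, although backslash appears to be the escape character the pattern relies on, since no escape argument is passed to `matches`. A username or domain that already contains a backslash reaches the ILIKE pattern unchanged, so a backslash in front of `%` or `_` cancels the added escape and a trailing one can make the database reject the pattern. Escaping all three characters with `username.gsub(/[\\%_]/, '\\\\\0')` (and the same for `domain`) closes the gap; ActiveRecord's `sanitize_sql_like` does this in one place, if the project's Rails version provides it, and would also remove the duplicated gsub. The enclosing class body lies outside the hunk, so whether callers already restrict these values is not visible here.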
@@ -107,11 +107,51 @@ RSpec.describe Account, type: :model do
 end
 describe '.find_local' do
- pending
+ before do
+ Fabricate(:account, username: 'Alice')
+ end
+
+ it 'returns Alice for alice' do
+ expect(Account.find_local('alice')).to_not be_nil
+ end
+
+ it 'returns Alice for Alice' do
+ expect(Account.find_local('Alice')).to_not be_nil
+ end
+
+ it 'does not return anything for a_ice' do
+ expect(Account.find_local('a_ice')).to be_nil
+ end
+
+ it 'does not return anything for al%' do
+ expect(Account.find_local('al%')).to be_nil
+ end
 end
 describe '.find_remote' do
- pending
+ before do
+ Fabricate(:account, username: 'Alice', domain: 'mastodon.social')
+ end
+
+ it 'returns Alice for alice@mastodon.social' do
+ expect(Account.find_remote('alice', 'mastodon.social')).to_not be_nil
+ end
+
+ it 'returns Alice for ALICE@MASTODON.SOCIAL' do
+ expect(Account.find_remote('ALICE', 'MASTODON.SOCIAL')).to_not be_nil
+ end
+
+ it 'does not return anything for a_ice@mastodon.social' do
+ expect(Account.find_remote('a_ice', 'mastodon.social')).to be_nil
+ end
+
+ it 'does not return anything for alice@m_stodon.social' do
+ expect(Account.find_remote('alice', 'm_stodon.social')).to be_nil
+ end
+
+ it 'does not return anything for alice@m%' do
+ expect(Account.find_remote('alice', 'm%')).to be_nil
+ end
 end
 describe 'MENTION_RE' do
-- cgit
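Review bot: None of the new examples checks that a stored name containing `_` is still found by its exact spelling, so these specs would pass even if the escape emitted the wrong number of backslashes and made such accounts unreachable. Add a positive case to `.find_remote`: fabricate an account with username `a_ice` on `mastodon.social` and assert `expect(Account.find_remote('a_ice', 'mastodon.social')).to_not be_nil`. An example with a backslash in the username or domain would also pin down how the escape character itself is handled. The `.find_local` examples exercise a method whose body is not shown in this patch, so they depend on it delegating to the escaped lookup.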