From bc22ab034bb9bbb48fb2cc93c1a617cbcd14ff9d Mon Sep 17 00:00:00 2001
From: multiple creatures
Date: Fri, 19 Jul 2019 10:16:33 -0500
Subject: move query string sanitizer to its own module & sanitize link cards as well
---
 app/services/fetch_link_card_service.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'app/services')
diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb
index 494aaed75..561daf6e1 100644
--- a/app/services/fetch_link_card_service.rb
+++ b/app/services/fetch_link_card_service.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 class FetchLinkCardService < BaseService
+ include UrlHelper
+
 URL_PATTERN = %r{
 ( # $1 URL
 (https?:\/\/) # $2 Protocol (required)
@@ -17,7 +19,8 @@ class FetchLinkCardService < BaseService
 return if @url.nil? || @status.preview_cards.any?
- @url = @url.to_s
+ @url = sanitize_query_string(@url.to_s)
+ return if @url.nil?
 RedisLock.acquire(lock_options) do |lock|
 if lock.acquired?
-- cgit
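Review bot: The new guard `return if @url.nil?` in the second hunk covers only a nil result from `sanitize_query_string`. That helper comes from `UrlHelper` and is not shown in this patch, so its contract for a URL it cannot parse (nil, an empty string, or an exception) has to be confirmed there. If it can return an empty string, the service would still go on to `RedisLock.acquire` with an unusable URL; `return if @url.blank?` would cover both cases. A one-line comment above the call, for example `# sanitize_query_string returns nil when nothing usable is left; skip the card in that case`, would record why the second early return exists. The body of `call` starts and ends outside the hunk, so any rescue clause that might catch a parse error from the helper is not visible here.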