From cf5435bb27b38f317d7d02de4df49c517614b4be Mon Sep 17 00:00:00 2001 From: Gomasy Date: Mon, 21 Mar 2022 12:45:58 +0900 Subject: Fix being unable to search by domain (#17832) --- app/views/admin/accounts/index.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/views/admin/accounts') diff --git a/app/views/admin/accounts/index.html.haml b/app/views/admin/accounts/index.html.haml index 7c0045145..60e4894d0 100644 --- a/app/views/admin/accounts/index.html.haml +++ b/app/views/admin/accounts/index.html.haml @@ -36,7 +36,7 @@ = hidden_field_tag key, params[key] - %i(username by_domain display_name email ip).each do |key| - - unless key == :by_domain && params[:remote].blank? + - unless key == :by_domain && params[:origin] != 'remote' .input.string.optional = text_field_tag key, params[key], class: 'string optional', placeholder: I18n.t("admin.accounts.#{key}") -- cgit From 392b367835c3c25e37be7c45e8cd130422de10aa Mon Sep 17 00:00:00 2001 
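Review bot: The new condition on the `by_domain` input in `app/views/admin/accounts/index.html.haml` encodes a filter rule without saying why, and it only controls whether the field is rendered. A one-line Haml comment above it would help, for example `-# by_domain is only offered when the origin filter is 'remote'`. Hiding the input does not stop a request from sending `by_domain`, so the server-side filter should decide whether the parameter is honoured; that code is outside this hunk.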
From: Eugen Rochko Date: Tue, 22 Mar 2022 10:07:11 +0100 Subject: Fix IDN domains not being rendered correctly in a few left-over places (#17848) --- app/views/accounts/_moved.html.haml | 4 +- app/views/admin/account_actions/new.html.haml | 4 +- .../account_warnings/_account_warning.html.haml | 2 +- app/views/admin/accounts/show.html.haml | 2 +- app/views/admin/change_emails/show.html.haml | 2 +- app/views/admin/disputes/appeals/_appeal.html.haml | 2 +- app/views/admin/relationships/index.html.haml | 2 +- app/views/admin/statuses/index.html.haml | 2 +- app/views/admin_mailer/new_report.text.erb | 2 +- app/views/auth/registrations/_status.html.haml | 2 +- app/views/authorize_interactions/show.html.haml | 2 +- app/views/authorize_interactions/success.html.haml | 2 +- app/views/notification_mailer/_status.html.haml | 2 +- app/views/notification_mailer/digest.text.erb | 2 +- app/views/notification_mailer/favourite.html.haml | 2 +- app/views/notification_mailer/favourite.text.erb | 2 +- app/views/notification_mailer/follow.html.haml | 2 +- app/views/notification_mailer/follow.text.erb | 2 +- .../notification_mailer/follow_request.html.haml | 2 +- .../notification_mailer/follow_request.text.erb | 2 +- app/views/notification_mailer/mention.html.haml | 2 +- app/views/notification_mailer/mention.text.erb | 2 +- app/views/notification_mailer/reblog.html.haml | 2 +- app/views/notification_mailer/reblog.text.erb | 2 +- app/views/settings/aliases/index.html.haml | 2 +- app/views/settings/migrations/show.html.haml | 4 +- config/brakeman.ignore | 80 ++++++++++++++-------- 27 files changed, 79 insertions(+), 59 deletions(-) (limited to 'app/views/admin/accounts') diff --git a/app/views/accounts/_moved.html.haml b/app/views/accounts/_moved.html.haml index 4f71b062d..2f46e0dd0 100644 --- a/app/views/accounts/_moved.html.haml +++ b/app/views/accounts/_moved.html.haml 
@@ -3,7 +3,7 @@ .moved-account-widget .moved-account-widget__message = fa_icon 'suitcase' - = t('accounts.moved_html', name: content_tag(:bdi, content_tag(:strong, display_name(account, custom_emojify: true), class: :emojify)), new_profile_link: link_to(content_tag(:strong, safe_join(['@', content_tag(:span, moved_to_account.acct)])), ActivityPub::TagManager.instance.url_for(moved_to_account), class: 'mention')) + = t('accounts.moved_html', name: content_tag(:bdi, content_tag(:strong, display_name(account, custom_emojify: true), class: :emojify)), new_profile_link: link_to(content_tag(:strong, safe_join(['@', content_tag(:span, moved_to_account.pretty_acct)])), ActivityPub::TagManager.instance.url_for(moved_to_account), class: 'mention')) .moved-account-widget__card = link_to ActivityPub::TagManager.instance.url_for(moved_to_account), class: 'detailed-status__display-name p-author h-card', target: '_blank', rel: 'me noopener noreferrer' do @@ -17,4 +17,4 @@ %span.display-name %bdi %strong.emojify= display_name(moved_to_account, custom_emojify: true) - %span @#{moved_to_account.acct} + %span @#{moved_to_account.pretty_acct} diff --git a/app/views/admin/account_actions/new.html.haml b/app/views/admin/account_actions/new.html.haml index ca4f9663f..c7bb618df 100644 --- a/app/views/admin/account_actions/new.html.haml +++ b/app/views/admin/account_actions/new.html.haml 
@@ -1,11 +1,11 @@ - content_for :page_title do - = t('admin.account_actions.title', acct: @account.acct) + = t('admin.account_actions.title', acct: @account.pretty_acct) = simple_form_for @account_action, url: admin_account_action_path(@account.id) do |f| = f.input :report_id, as: :hidden .fields-group - = f.input :type, as: :radio_buttons, collection: Admin::AccountAction.types_for_account(@account), include_blank: false, wrapper: :with_block_label, label_method: ->(type) { safe_join([I18n.t("simple_form.labels.admin_account_action.types.#{type}"), content_tag(:span, I18n.t("simple_form.hints.admin_account_action.types.#{type}"), class: 'hint')])}, hint: t('simple_form.hints.admin_account_action.type_html', acct: @account.acct) + = f.input :type, as: :radio_buttons, collection: Admin::AccountAction.types_for_account(@account), include_blank: false, wrapper: :with_block_label, label_method: ->(type) { safe_join([I18n.t("simple_form.labels.admin_account_action.types.#{type}"), content_tag(:span, I18n.t("simple_form.hints.admin_account_action.types.#{type}"), class: 'hint')])}, hint: t('simple_form.hints.admin_account_action.type_html', acct: @account.pretty_acct) - if @account.local? %hr.spacer/ diff --git a/app/views/admin/account_warnings/_account_warning.html.haml b/app/views/admin/account_warnings/_account_warning.html.haml index 1462e76d0..030635185 100644 --- a/app/views/admin/account_warnings/_account_warning.html.haml +++ b/app/views/admin/account_warnings/_account_warning.html.haml 
@@ -5,7 +5,7 @@ = fa_icon 'warning' .log-entry__content .log-entry__title - = t(account_warning.action, scope: 'admin.strikes.actions', name: content_tag(:span, account_warning.account.username, class: 'username'), target: content_tag(:span, account_warning.target_account.acct, class: 'target')).html_safe + = t(account_warning.action, scope: 'admin.strikes.actions', name: content_tag(:span, account_warning.account.username, class: 'username'), target: content_tag(:span, account_warning.target_account.pretty_acct, class: 'target')).html_safe .log-entry__timestamp %time.formatted{ datetime: account_warning.created_at.iso8601 } = l(account_warning.created_at) diff --git a/app/views/admin/accounts/show.html.haml b/app/views/admin/accounts/show.html.haml index 9a1f07a06..805cf8a4f 100644 --- a/app/views/admin/accounts/show.html.haml +++ b/app/views/admin/accounts/show.html.haml @@ -1,5 +1,5 @@ - content_for :page_title do - = @account.acct + = @account.pretty_acct - if @account.instance_actor? .flash-message.notice diff --git a/app/views/admin/change_emails/show.html.haml b/app/views/admin/change_emails/show.html.haml index 6ff0d785e..bc00d6114 100644 --- a/app/views/admin/change_emails/show.html.haml +++ b/app/views/admin/change_emails/show.html.haml @@ -1,5 +1,5 @@ - content_for :page_title do - = t('admin.accounts.change_email.title', username: @account.acct) + = t('admin.accounts.change_email.title', username: @account.username) = simple_form_for @user, url: admin_account_change_email_path(@account.id) do |f| .fields-group diff --git a/app/views/admin/disputes/appeals/_appeal.html.haml b/app/views/admin/disputes/appeals/_appeal.html.haml index 02b8777e1..3f6efb856 100644 --- a/app/views/admin/disputes/appeals/_appeal.html.haml +++ b/app/views/admin/disputes/appeals/_appeal.html.haml 
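Review bot: In `admin/account_warnings/_account_warning.html.haml` the translated string is still marked `.html_safe`, so the only thing escaping `target_account.pretty_acct` (which may originate from a remote server) is the surrounding `content_tag(:span, ...)`. That holds for the line as written, but nothing in the template records it, and a later edit that passes a bare string as `name:` or `target:` would be emitted unescaped. I would add a comment above the line such as `-# html_safe is acceptable here: every interpolated value is wrapped in content_tag, which escapes it`. The `_appeal.html.haml` hunk later in this commit has the same shape.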
@@ -4,7 +4,7 @@ = image_tag appeal.account.avatar.url(:original), alt: '', width: 40, height: 40, class: 'avatar' .log-entry__content .log-entry__title - = t(appeal.strike.action, scope: 'admin.strikes.actions', name: content_tag(:span, appeal.strike.account.username, class: 'username'), target: content_tag(:span, appeal.account.acct, class: 'target')).html_safe + = t(appeal.strike.action, scope: 'admin.strikes.actions', name: content_tag(:span, appeal.strike.account.username, class: 'username'), target: content_tag(:span, appeal.account.username, class: 'target')).html_safe .log-entry__timestamp %time.formatted{ datetime: appeal.strike.created_at.iso8601 } = l(appeal.strike.created_at) diff --git a/app/views/admin/relationships/index.html.haml b/app/views/admin/relationships/index.html.haml index 60b9b5b25..f82cf26a3 100644 --- a/app/views/admin/relationships/index.html.haml +++ b/app/views/admin/relationships/index.html.haml @@ -1,5 +1,5 @@ - content_for :page_title do - = t('admin.relationships.title', acct: @account.acct) + = t('admin.relationships.title', acct: @account.pretty_acct) .filters .filter-subset diff --git a/app/views/admin/statuses/index.html.haml b/app/views/admin/statuses/index.html.haml index 7e2114cc2..d3d7cc160 100644 --- a/app/views/admin/statuses/index.html.haml +++ b/app/views/admin/statuses/index.html.haml @@ -4,7 +4,7 @@ - content_for :page_title do = t('admin.statuses.title') \- - = "@#{@account.acct}" + = "@#{@account.pretty_acct}" .filters .filter-subset diff --git a/app/views/admin_mailer/new_report.text.erb b/app/views/admin_mailer/new_report.text.erb index d6c7d6bab..f8a5224a1 100644 --- a/app/views/admin_mailer/new_report.text.erb +++ b/app/views/admin_mailer/new_report.text.erb 
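Review bot: The `target:` value in `admin/disputes/appeals/_appeal.html.haml` becomes `appeal.account.username`, while the otherwise identical line in `_account_warning.html.haml` uses `target_account.pretty_acct`. If appeals can only be filed by local accounts the two render the same handle, but that is not visible from this hunk, and for a remote account the domain would be dropped from the moderation log. Either use `appeal.account.pretty_acct` for consistency or add a comment such as `-# appeals are filed by local accounts only, so username is the full handle`. The `admin/change_emails/show.html.haml` hunk makes the same substitution for `@account`.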
@@ -1,5 +1,5 @@ <%= raw t('application_mailer.salutation', name: display_name(@me)) %> -<%= raw(@report.account.local? ? t('admin_mailer.new_report.body', target: @report.target_account.acct, reporter: @report.account.acct) : t('admin_mailer.new_report.body_remote', target: @report.target_account.acct, domain: @report.account.domain)) %> +<%= raw(@report.account.local? ? t('admin_mailer.new_report.body', target: @report.target_account.pretty_acct, reporter: @report.account.pretty_acct) : t('admin_mailer.new_report.body_remote', target: @report.target_account.acct, domain: @report.account.domain)) %> <%= raw t('application_mailer.view')%> <%= admin_report_url(@report) %> diff --git a/app/views/auth/registrations/_status.html.haml b/app/views/auth/registrations/_status.html.haml index 68954a5da..759bbc41c 100644 --- a/app/views/auth/registrations/_status.html.haml +++ b/app/views/auth/registrations/_status.html.haml @@ -7,7 +7,7 @@ = t('auth.status.pending') - elsif @user.account.moved_to_account_id.present? .flash-message.warning - = t('auth.status.redirecting_to', acct: @user.account.moved_to_account.acct) + = t('auth.status.redirecting_to', acct: @user.account.moved_to_account.pretty_acct) = link_to t('migrations.cancel'), settings_migration_path %h3= t('auth.status.account_status') diff --git a/app/views/authorize_interactions/show.html.haml b/app/views/authorize_interactions/show.html.haml index 42c874134..2b4d2ed62 100644 --- a/app/views/authorize_interactions/show.html.haml +++ b/app/views/authorize_interactions/show.html.haml @@ -1,5 +1,5 @@ - content_for :page_title do - = t('authorize_follow.title', acct: @resource.acct) + = t('authorize_follow.title', acct: @resource.pretty_acct) .form-container .follow-prompt diff --git a/app/views/authorize_interactions/success.html.haml b/app/views/authorize_interactions/success.html.haml index 47fd09767..86fa55eac 100644 --- a/app/views/authorize_interactions/success.html.haml 
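Review bot: The `body_remote` branch of the ternary in `admin_mailer/new_report.text.erb` still passes `target: @report.target_account.acct`, so a report forwarded from a remote server shows the target's domain in a different form than a local report does. For moderators comparing the two mails that inconsistency is avoidable; the branch could read `t('admin_mailer.new_report.body_remote', target: @report.target_account.pretty_acct, domain: @report.account.domain)`. Whether `domain:` should also be shown in its decoded form is a separate choice, but it should match whatever form the rest of the mail uses.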
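Review bot: The title in `authorize_interactions/show.html.haml` is shown at the moment a user decides whether to authorize an interaction with a remote account, and after this change it carries only the decoded form of the domain (assuming `pretty_acct` converts the domain to Unicode, as the commit title suggests). A look-alike IDN is then harder to tell apart from the domain the user expects. Consider keeping the ASCII form visible somewhere in the prompt, for example by rendering `@resource.acct` as secondary text next to the decoded handle. The rest of the template is outside this hunk, and `authorize_interactions/success.html.haml` has the same line.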
+++ b/app/views/authorize_interactions/success.html.haml @@ -1,5 +1,5 @@ - content_for :page_title do - = t('authorize_follow.title', acct: @resource.acct) + = t('authorize_follow.title', acct: @resource.pretty_acct) .form-container .follow-prompt diff --git a/app/views/notification_mailer/_status.html.haml b/app/views/notification_mailer/_status.html.haml index f520208e1..219e7e667 100644 --- a/app/views/notification_mailer/_status.html.haml +++ b/app/views/notification_mailer/_status.html.haml @@ -23,7 +23,7 @@ = image_tag full_asset_url(status.account.avatar.url), alt:'' %td{ align: 'left' } %bdi= display_name(status.account) - = "@#{status.account.acct}" + = "@#{status.account.pretty_acct}" - if status.spoiler_text? %div.auto-dir diff --git a/app/views/notification_mailer/digest.text.erb b/app/views/notification_mailer/digest.text.erb index b2c85a9e3..4cd4190c1 100644 --- a/app/views/notification_mailer/digest.text.erb +++ b/app/views/notification_mailer/digest.text.erb @@ -3,7 +3,7 @@ <%= raw t('notification_mailer.digest.body', since: l(@me.user_current_sign_in_at || @since), instance: root_url) %> <% @notifications.each do |notification| %> -* <%= raw t('notification_mailer.digest.mention', name: notification.from_account.acct) %> +* <%= raw t('notification_mailer.digest.mention', name: notification.from_account.pretty_acct) %> <%= raw Formatter.instance.plaintext(notification.target_status) %> diff --git a/app/views/notification_mailer/favourite.html.haml b/app/views/notification_mailer/favourite.html.haml index a715d615c..ebc5c29c7 100644 --- a/app/views/notification_mailer/favourite.html.haml +++ b/app/views/notification_mailer/favourite.html.haml 
@@ -20,7 +20,7 @@ = image_tag full_pack_url('media/images/mailer/icon_grade.png'), alt:'' %h1= t 'notification_mailer.favourite.title' - %p.lead= t('notification_mailer.favourite.body', name: @account.acct) + %p.lead= t('notification_mailer.favourite.body', name: @account.pretty_acct) = render 'status', status: @status diff --git a/app/views/notification_mailer/favourite.text.erb b/app/views/notification_mailer/favourite.text.erb index 2581b4909..f4f869656 100644 --- a/app/views/notification_mailer/favourite.text.erb +++ b/app/views/notification_mailer/favourite.text.erb @@ -1,5 +1,5 @@ <%= raw t('application_mailer.salutation', name: display_name(@me)) %> -<%= raw t('notification_mailer.favourite.body', name: @account.acct) %> +<%= raw t('notification_mailer.favourite.body', name: @account.pretty_acct) %> <%= render 'status', status: @status %> diff --git a/app/views/notification_mailer/follow.html.haml b/app/views/notification_mailer/follow.html.haml index cd84f7858..a59ef8835 100644 --- a/app/views/notification_mailer/follow.html.haml +++ b/app/views/notification_mailer/follow.html.haml @@ -20,7 +20,7 @@ = image_tag full_pack_url('media/images/mailer/icon_person_add.png'), alt: '' %h1= t 'notification_mailer.follow.title' - %p.lead= t('notification_mailer.follow.body', name: @account.acct) + %p.lead= t('notification_mailer.follow.body', name: @account.pretty_acct) %table.email-table{ cellspacing: 0, cellpadding: 0 } %tbody diff --git a/app/views/notification_mailer/follow.text.erb b/app/views/notification_mailer/follow.text.erb index cbe46f552..016a0a4cf 100644 --- a/app/views/notification_mailer/follow.text.erb +++ b/app/views/notification_mailer/follow.text.erb 
@@ -1,5 +1,5 @@ <%= raw t('application_mailer.salutation', name: display_name(@me)) %> -<%= raw t('notification_mailer.follow.body', name: @account.acct) %> +<%= raw t('notification_mailer.follow.body', name: @account.pretty_acct) %> <%= raw t('application_mailer.view')%> <%= web_url("accounts/#{@account.id}") %> diff --git a/app/views/notification_mailer/follow_request.html.haml b/app/views/notification_mailer/follow_request.html.haml index a63e27a90..4c32c831e 100644 --- a/app/views/notification_mailer/follow_request.html.haml +++ b/app/views/notification_mailer/follow_request.html.haml @@ -20,7 +20,7 @@ = image_tag full_pack_url('media/images/mailer/icon_person_add.png'), alt: '' %h1= t 'notification_mailer.follow_request.title' - %p.lead= t('notification_mailer.follow_request.body', name: @account.acct) + %p.lead= t('notification_mailer.follow_request.body', name: @account.pretty_acct) %table.email-table{ cellspacing: 0, cellpadding: 0 } %tbody diff --git a/app/views/notification_mailer/follow_request.text.erb b/app/views/notification_mailer/follow_request.text.erb index a018394b8..66aa97fe3 100644 --- a/app/views/notification_mailer/follow_request.text.erb +++ b/app/views/notification_mailer/follow_request.text.erb @@ -1,5 +1,5 @@ <%= raw t('application_mailer.salutation', name: display_name(@me)) %> -<%= raw t('notification_mailer.follow_request.body', name: @account.acct) %> +<%= raw t('notification_mailer.follow_request.body', name: @account.pretty_acct) %> <%= raw t('application_mailer.view')%> <%= web_url("follow_requests") %> diff --git a/app/views/notification_mailer/mention.html.haml b/app/views/notification_mailer/mention.html.haml index 619873cfa..cfb7465c1 100644 --- a/app/views/notification_mailer/mention.html.haml +++ b/app/views/notification_mailer/mention.html.haml 
@@ -20,7 +20,7 @@ = image_tag full_pack_url('media/images/mailer/icon_reply.png'), alt: '' %h1= t 'notification_mailer.mention.title' - %p.lead= t('notification_mailer.mention.body', name: @status.account.acct) + %p.lead= t('notification_mailer.mention.body', name: @status.account.pretty_acct) = render 'status', status: @status diff --git a/app/views/notification_mailer/mention.text.erb b/app/views/notification_mailer/mention.text.erb index 03f53813b..f104d5f92 100644 --- a/app/views/notification_mailer/mention.text.erb +++ b/app/views/notification_mailer/mention.text.erb @@ -1,5 +1,5 @@ <%= raw t('application_mailer.salutation', name: display_name(@me)) %> -<%= raw t('notification_mailer.mention.body', name: @status.account.acct) %> +<%= raw t('notification_mailer.mention.body', name: @status.account.pretty_acct) %> <%= render 'status', status: @status %> diff --git a/app/views/notification_mailer/reblog.html.haml b/app/views/notification_mailer/reblog.html.haml index a2811be23..c528536ec 100644 --- a/app/views/notification_mailer/reblog.html.haml +++ b/app/views/notification_mailer/reblog.html.haml @@ -20,7 +20,7 @@ = image_tag full_pack_url('media/images/mailer/icon_cached.png'), alt: '' %h1= t 'notification_mailer.reblog.title' - %p.lead= t('notification_mailer.reblog.body', name: @account.acct) + %p.lead= t('notification_mailer.reblog.body', name: @account.pretty_acct) = render 'status', status: @status diff --git a/app/views/notification_mailer/reblog.text.erb b/app/views/notification_mailer/reblog.text.erb index 8fc841bf6..73a3b3945 100644 --- a/app/views/notification_mailer/reblog.text.erb +++ b/app/views/notification_mailer/reblog.text.erb @@ -1,5 +1,5 @@ <%= raw t('application_mailer.salutation', name: display_name(@me)) %> -<%= raw t('notification_mailer.reblog.body', name: @account.acct) %> +<%= raw t('notification_mailer.reblog.body', name: @account.pretty_acct) %> <%= render 'status', status: @status %> 
diff --git a/app/views/settings/aliases/index.html.haml b/app/views/settings/aliases/index.html.haml index 5df0c9669..c618a82f1 100644 --- a/app/views/settings/aliases/index.html.haml +++ b/app/views/settings/aliases/index.html.haml @@ -29,5 +29,5 @@ - else - @aliases.each do |account_alias| %tr - %td= account_alias.acct + %td= account_alias.pretty_acct %td= table_link_to 'trash', t('aliases.remove'), settings_alias_path(account_alias), data: { method: :delete } diff --git a/app/views/settings/migrations/show.html.haml b/app/views/settings/migrations/show.html.haml index 078eaebc6..492f6fe12 100644 --- a/app/views/settings/migrations/show.html.haml +++ b/app/views/settings/migrations/show.html.haml @@ -8,7 +8,7 @@ = render 'application/card', account: current_account.moved_to_account .fields-row__column.fields-group.fields-row__column-6 %p.hint - %span.positive-hint= t('migrations.redirecting_to', acct: current_account.moved_to_account.acct) + %span.positive-hint= t('migrations.redirecting_to', acct: current_account.moved_to_account.pretty_acct) %p.hint= t('migrations.cancel_explanation') @@ -76,7 +76,7 @@ - if migration.target_account.present? = compact_account_link_to migration.target_account - else - = migration.acct + = migration.pretty_acct %td= number_with_delimiter migration.followers_count diff --git a/config/brakeman.ignore b/config/brakeman.ignore index c24146da4..80c5f6d4e 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore @@ -7,7 +7,7 @@ "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/status.rb", - "line": 105, + "line": 106, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "result.joins(\"INNER JOIN statuses_tags t#{id} ON t#{id}.status_id = statuses.id AND t#{id}.tag_id = #{id}\")", "render_path": null, 
@@ -27,7 +27,7 @@ "check_name": "SQL", "message": "Possible SQL injection", "file": "app/models/trends/query.rb", - "line": 60, + "line": 76, "link": "https://brakemanscanner.org/docs/warning_types/sql_injection/", "code": "klass.joins(\"join unnest(array[#{ids.join(\",\")}]) with ordinality as x (id, ordering) on #{klass.table_name}.id = x.id\")", "render_path": null, @@ -60,6 +60,36 @@ "confidence": "High", "note": "" }, + { + "warning_type": "Cross-Site Scripting", + "warning_code": 2, + "fingerprint": "71cf98c8235b5cfa9946b5db8fdc1a2f3a862566abb34e4542be6f3acae78233", + "check_name": "CrossSiteScripting", + "message": "Unescaped model attribute", + "file": "app/views/admin/disputes/appeals/_appeal.html.haml", + "line": 7, + "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting", + "code": "t((Unresolved Model).new.strike.action, :scope => \"admin.strikes.actions\", :name => content_tag(:span, (Unresolved Model).new.strike.account.username, :class => \"username\"), :target => content_tag(:span, (Unresolved Model).new.account.username, :class => \"target\"))", + "render_path": [ + { + "type": "template", + "name": "admin/disputes/appeals/index", + "line": 20, + "file": "app/views/admin/disputes/appeals/index.html.haml", + "rendered": { + "name": "admin/disputes/appeals/_appeal", + "file": "app/views/admin/disputes/appeals/_appeal.html.haml" + } + } + ], + "location": { + "type": "template", + "template": "admin/disputes/appeals/_appeal" + }, + "user_input": "(Unresolved Model).new.strike", + "confidence": "Weak", + "note": "" + }, { "warning_type": "SQL Injection", "warning_code": 0, 
@@ -121,33 +151,23 @@ "note": "" }, { - "warning_type": "Cross-Site Scripting", - "warning_code": 2, - "fingerprint": "afad51718ae373b2f19d2513029fd2afccf58b9148e475934bc6a162ee33c352", - "check_name": "CrossSiteScripting", - "message": "Unescaped model attribute", - "file": "app/views/admin/disputes/appeals/_appeal.html.haml", - "line": 7, - "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting", - "code": "t((Unresolved Model).new.strike.action, :scope => \"admin.strikes.actions\", :name => content_tag(:span, (Unresolved Model).new.strike.account.username, :class => \"username\"), :target => content_tag(:span, (Unresolved Model).new.account.acct, :class => \"target\"))", - "render_path": [ - { - "type": "template", - "name": "admin/disputes/appeals/index", - "line": 20, - "file": "app/views/admin/disputes/appeals/index.html.haml", - "rendered": { - "name": "admin/disputes/appeals/_appeal", - "file": "app/views/admin/disputes/appeals/_appeal.html.haml" - } - } - ], + "warning_type": "Mass Assignment", + "warning_code": 105, + "fingerprint": "ab5035dd1a9f8c3a8d92fb2c37e8fe86fede4f87c91b71aa32e89c9eede602fc", + "check_name": "PermitAttributes", + "message": "Potentially dangerous key allowed for mass assignment", + "file": "app/controllers/api/v1/notifications_controller.rb", + "line": 81, + "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/", + "code": "params.permit(:account_id, :types => ([]), :exclude_types => ([]))", + "render_path": null, "location": { - "type": "template", - "template": "admin/disputes/appeals/_appeal" + "type": "method", + "class": "Api::V1::NotificationsController", + "method": "browserable_params" }, - "user_input": "(Unresolved Model).new.strike", - "confidence": "Weak", + "user_input": ":account_id", + "confidence": "High", "note": "" }, { 
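Review bot: This hunk of `config/brakeman.ignore` adds a Mass Assignment suppression for `app/controllers/api/v1/notifications_controller.rb`, which is unrelated to IDN rendering, and it appears to be a new entry rather than a moved one, since the hunk headers show the file growing by 20 lines. Both it and the re-fingerprinted Cross-Site Scripting entry for `_appeal.html.haml` in the previous hunk carry `"note": ""`, so the file does not record why either finding was judged safe. I would fill the field in on each, e.g. `"note": "<why this permit list / this html_safe call is safe>"`, and mention the extra suppression in the commit description so it is reviewed on its own merits.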
@@ -184,7 +204,7 @@ { "type": "template", "name": "admin/trends/links/index", - "line": 45, + "line": 49, "file": "app/views/admin/trends/links/index.html.haml", "rendered": { "name": "admin/trends/links/_preview_card", @@ -207,7 +227,7 @@ "check_name": "PermitAttributes", "message": "Potentially dangerous key allowed for mass assignment", "file": "app/controllers/api/v1/reports_controller.rb", - "line": 36, + "line": 26, "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/", "code": "params.permit(:account_id, :comment, :category, :forward, :status_ids => ([]), :rule_ids => ([]))", "render_path": null, @@ -221,6 +241,6 @@ "note": "" } ], - "updated": "2022-02-15 03:48:53 +0100", + "updated": "2022-03-22 07:48:32 +0100", "brakeman_version": "5.2.1" } -- cgit