Pull in latest changes from 10-0-stable #164

Merged: 12 commits merged into master from pull-in-10-0-stable on Oct 13, 2024
Conversation

@mvz (Member) commented Oct 13, 2024

  • Limit accepted parameters for Sidebar update in Admin
  • Use known set of allowed attributes when autosaving an Article
  • Permit only valid settings keys when updating blog settings
  • Use default describe blocks for Admin::NotesController specs
  • Limit assigned attributes when creating and updating Notes
  • Limit allowed SEO settings params

mvz added 12 commits October 13, 2024 10:09

Limit accepted parameters for Sidebar update in Admin

Each sidebar generates a form containing just the fields defined in
sidebar.fields. So it is not necessary, and also unsafe, to permit just
any parameter. Instead, permit only the defined fields.

Use known set of allowed attributes when autosaving an Article

The attributes of an Article are known, so there is no need to permit
all parameters. Since it is also unsafe, replace it with the already
known set of good parameters defined in #update_params.

Permit only valid settings keys when updating blog settings

The settings controller is only for updating blog settings. Instead of
permitting all parameters, which is unsafe, limit permitted parameters
to those that are actually blog settings.

Limit assigned attributes when creating and updating Notes

Using #permit! is unsafe and not necessary, since we have a fixed set of
attributes used in the notes form. Use #permit with a list of attribute
names instead.

Limit allowed SEO settings params

This limits the set of parameters in the Admin::SeoController to the set
of valid blog settings, similar to AdminSettingsController. In addition,
it allows the extra :custom_permalink key to facilitate the options plus
text field construction in the SEO settings form. This eliminates the
use of the unsafe #permit! method.
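The before/after pattern these commits describe, as an added example that is not Publify's code: `Params` is a deliberately small stand-in for `ActionController::Parameters`, and the attribute names, setting keys and the extra `author_id`/`admin_only` keys in the constructed request are assumptions, since the PR does not list the real ones.

```ruby
# Minimal stand-in for ActionController::Parameters (assumption: real Rails is not loaded here).
class Params
  def initialize(hash)
    @hash = hash.transform_keys(&:to_s)
  end
  def require(key)
    Params.new(@hash.fetch(key.to_s) { raise KeyError, "param is missing: #{key}" })
  end
  # Before the PR: everything is marked permitted, so any submitted key reaches mass assignment.
  def permit!
    self
  end
  # After the PR: keep only the listed keys; anything else is dropped before assignment.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    Params.new(@hash.select { |k, _| allowed.include?(k) })
  end
  def to_h
    @hash.dup
  end
end

# Hypothetical attribute and setting names; the PR does not list the real ones.
NOTE_ATTRIBUTES = %i[body permalink].freeze
SETTING_KEYS = %i[blog_name permalink_format].freeze

def note_params_unsafe(params)
  params.require(:note).permit!.to_h
end

def note_params_safe(params)
  params.require(:note).permit(*NOTE_ATTRIBUTES).to_h
end

# SEO-style settings: the known setting keys plus the one extra form-only key.
def seo_params_safe(params)
  params.require(:setting).permit(*SETTING_KEYS, :custom_permalink).to_h
end

# Constructed request carrying keys the forms never send (author_id, admin_only).
REQUEST = Params.new(
  note: { body: "hello", permalink: "hello", author_id: 1 },
  setting: { blog_name: "Blog", custom_permalink: "/:title", admin_only: true }
)

p note_params_unsafe(REQUEST) # {"body"=>"hello", "permalink"=>"hello", "author_id"=>1}
p note_params_safe(REQUEST)   # {"body"=>"hello", "permalink"=>"hello"}
p seo_params_safe(REQUEST)    # {"blog_name"=>"Blog", "custom_permalink"=>"/:title"}
```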
@mvz mvz merged commit 0277a00 into master Oct 13, 2024
8 checks passed
@mvz mvz deleted the pull-in-10-0-stable branch October 13, 2024 11:41