System-End/hackatime
1
0
Fork 0
mirror of https://github.com/System-End/hackatime.git synced 2026-04-20 00:35:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix broken validation

Browse source
This commit is contained in:
Echo 2025-08-26 07:03:48 -04:00
parent c299e26e67
commit 84ac41ad7e
No known key found for this signature in database
GPG key ID: A1263DC479EDB62F
1 changed files with 4 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/controllers/api/admin/v1/admin_controller.rb
View file

@ -248,8 +248,11 @@ module Api
return render json: { error: "whatcha doin'?" }, status: :unprocessable_entity
end
cool = %w[created_at deleted_at]
not_cool = %w[INSERT UPDATE DELETE DROP CREATE ALTER TRUNCATE EXEC EXECUTE]
if not_cool.any? { |keyword| query.upcase.include?(keyword) }
if not_cool.any? { |keyword| query.upcase.include?(keyword) } &&
cool.none? { |field| query.upcase.include?(field.upcase) }
return render json: { error: "no perms lmaooo" }, status: :forbidden
end
@ -257,11 +260,6 @@ module Api
return render json: { error: "no perms lmaooo" }, status: :forbidden
end
cool = %w[created_at deleted_at]
if query.upcase.match?(/\b(#{not_cool.join('|')})\b/) && !query.upcase.match?(/\b(#{cool.join('|')})\b/)
return render json: { error: "no perms lmaooo" }, status: :forbidden
end
begin
limited_query = query.strip
unless limited_query.upcase.include?("LIMIT")